Help-First visit and HiJack Log [RESOLVED]


  • This topic is locked

#16
Daemon


    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0



#17
BIGROD


    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Good lord! I had no idea there was this big of a mess :tazz: Now, is there any way to get rid of it that won't involve me completely wiping my system and reinstalling my OS? ;)



Thanks for your patience.
  • 0

#18
Daemon


    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file to your desktop.

Start Killbox and click on Tools->Delete Temp Files. When that finishes, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\1Ta03812\enhupdt.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\djtopr1150.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\DrTemp\bho_prob.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\mynut2.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\rndrcus.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\SahUpdate\aj8sml3fo_.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\SahUpdate\h63v2629j_.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\SahUpdate\lcp4q80t9_.dll
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\SahUpdate\setup4003.cab
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\SahUpdate\uu1en13ec_.exe
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\THI264B.tmp\dlmax.cab
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\THI264B.tmp\dlmax.dll
C:\Documents and Settings\Rodney.ROBERTS-QZE52I5\Local Settings\Temp\wupdt.exe
C:\Documents and Settings\Rodney\Local Settings\Temp\dat342.tmp
C:\Documents and Settings\Rodney\Local Settings\Temp\mw.exe
C:\Documents and Settings\Rodney\Local Settings\Temp\sp.html
C:\Documents and Settings\Rodney\Local Settings\Temporary Internet Files\Content.IE5\0L47OFGB\cxmsx[1].exe
C:\Documents and Settings\Rodney\Local Settings\Temporary Internet Files\Content.IE5\0L47OFGB\hp2[1].exe
C:\Documents and Settings\Rodney\Local Settings\Temporary Internet Files\Content.IE5\69FG5K3Q\cxmsx[1].exe
C:\WINDOWS\70tovmto.exe
C:\WINDOWS\dlmax.dll
C:\WINDOWS\enhtb.dll
C:\WINDOWS\enhtb.exe
C:\WINDOWS\enhupdt.exe
C:\WINDOWS\preInsMt.exe
C:\WINDOWS\systb.dll
C:\WINDOWS\system32\2b3fsk0h.dll
C:\WINDOWS\system32\bln02nqv.exe
C:\WINDOWS\system32\gah95on6.exe
C:\WINDOWS\system32\mac80ex.idf
C:\WINDOWS\system32\netut80ex.vxd

For the files that it either couldn't find or couldn't delete, in Killbox again, this time put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

Reboot if it doesn't do so automatically. Post a new mwav scan in your next reply.
  • 0
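
Every path in the deletion list above sits outside antivirus quarantine, System Restore and tool-backup folders. As an added example (not from this thread, eScan or Killbox), the following Python separates scanner lines of the two shapes the mwav log used into live files to act on and copies held in those stores. The sample log lines, the priority ordering and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# The two line shapes found in the scanner log posted in this thread.
INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$'
)
TAGGED_RE = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>.+?)\.$'
)

# Folders that hold stored copies kept by a security tool or by System Restore.
# Matched case-insensitively as substrings of the reported path.
INERT_LOCATIONS = (
    ("quarantine", "\\norton antivirus\\quarantine\\"),
    ("restore_point", "\\system volume information\\_restore{"),
    ("tool_backup", "\\hijack this\\backups\\"),
)


class Detection(NamedTuple):
    path: str
    name: str
    kind: str       # "infected" or "tagged"
    location: str   # "live" or one of the INERT_LOCATIONS labels
    priority: int   # lower number = look at it first (assumed ordering)


def classify_location(path: str) -> str:
    lowered = path.lower()
    for label, marker in INERT_LOCATIONS:
        if marker in lowered:
            return label
    return "live"


def classify_priority(name: str) -> int:
    """Assumed ordering: backdoors, then trojans, then other malware,
    then anything the scanner itself prefixes with not-a-virus."""
    if name.startswith("not-a-virus:"):
        return 3
    behaviour = name.split(".", 1)[0]   # "Backdoor.Win32.VB.oq" -> "Backdoor"
    if behaviour == "Backdoor":
        return 0
    if behaviour.startswith("Trojan"):
        return 1
    return 2


def parse_line(line: str) -> Optional[Detection]:
    for kind, pattern in (("infected", INFECTED_RE), ("tagged", TAGGED_RE)):
        match = pattern.match(line)
        if match:
            path, name = match.group("path"), match.group("name")
            return Detection(path, name, kind,
                             classify_location(path), classify_priority(name))
    return None


def triage(log_text: str):
    """Return (live detections sorted by priority, inert counts, unparsed lines)."""
    live, inert, unparsed = [], Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        detection = parse_line(line)
        if detection is None:
            unparsed.append(line)       # keep for manual review, never drop
        elif detection.location == "live":
            live.append(detection)
        else:
            inert[detection.location] += 1
    live.sort(key=lambda d: (d.priority, d.path.lower()))
    return live, inert, unparsed


# Constructed sample: the paths are invented; the detection names and line
# shapes follow the log posted in the thread. The last line is a constructed
# non-detection line that exercises the unparsed path.
SAMPLE_LOG = r"""
File C:\Documents and Settings\User\Local Settings\Temp\sample_a.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sample_b.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0000AAAA infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\HIJACK THIS\backups\backup-00000000-000000-000.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\sample_c.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\sample_d.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
Total objects scanned: 7
"""

if __name__ == "__main__":
    live, inert, unparsed = triage(SAMPLE_LOG)
    for d in live:
        print(f"[P{d.priority}] {d.name:45} {d.path}")
    print("held copies:", dict(inert))
    print("unparsed:", unparsed)
```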

#19
BIGROD


    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
mwav scan


File C:\Program Files\Norton AntiVirus\Quarantine\305D2EEF infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\30672CE4 infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\306D00DD infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\307454D6 infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\30777ED2 infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\307A28CF infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\309478B2 infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\309822AE infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\30A220A4 infected by "Trojan-Clicker.Win32.VB.ex" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\30A54AA0 infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\318B7B88 infected by "Trojan.Win32.VB.kq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\406C32EC infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\44D57161 infected by "Trojan-Downloader.Win32.Small.kq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49FF72A1.exe infected by "Trojan-Downloader.Win32.Small.uv" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4A097096.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4A097096.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4A0C1A93.exe infected by "Trojan-Downloader.Win32.Small.uv" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4A136E8B.exe infected by "Trojan-Downloader.Win32.Small.uv" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4A136E8B.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4CCD5BCF infected by "Trojan-Dropper.Win32.Delf.ev" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4EDE6D89 infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\514536BE infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51690496 infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51795684 infected by "Trojan-Downloader.Win32.Agent.ab" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\517C0081 infected by "Trojan-Downloader.Win32.Agent.ap" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51867E76 infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\518711D4 infected by "Trojan-Downloader.Win32.Apropo.r" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51932668 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51975064 infected by "Trojan-Downloader.Win32.Agent.aw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\519D245D infected by "Trojan-Downloader.Win32.Dyfuca.co" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\519D37BB infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51A47856 infected by "Trojan-Downloader.Win32.Dyfuca.cq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51AD764B infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51B12047 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\51EC6F06.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\520314ED.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\520C12E2.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5BA37A37 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5BB77622 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\64EC381D infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6B16514E infected by "Trojan-Downloader.Win32.PurityScan.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\712E1107 infected by "Trojan.Win32.VB.kq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\71380EFC infected by "Trojan.Win32.VB.kq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\713E62F5 infected by "not-a-virus:AdWare.BlazeFind.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74870BA2 infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74910997 infected by "Trojan-Downloader.Win32.Dyfuca.cq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74A15B85 infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74AB597A infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74BF5565 infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74C9535A infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74D67B4B infected by "not-a-virus:AdWare.ToolBar.ImiBar.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74D92548 infected by "Trojan-Downloader.Win32.Agent.ab" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74DB51F2.exe infected by "Trojan-Downloader.Win32.Small.uv" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7A574404 infected by "Trojan.JS.Seeker-based" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7AA209B1 infected by "Trojan.JS.Seeker-based" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7B111D37 infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7B6C34D2 infected by "Trojan-Downloader.VBS.Psyme.y" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7C040C10.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP290\A0013398.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP291\A0013404.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013418.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013420.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013421.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013422.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013423.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013424.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013425.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013426.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013427.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013428.srg infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013429.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013431.exe infected by "Trojan-Clicker.Win32.VB.ex" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP292\A0013432.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP296\A0013456.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP343\A0015002.exe infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP343\A0015004.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP343\A0015005.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP343\A0015006.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015139.exe infected by "Trojan-Dropper.Win32.Small.ja" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015140.exe infected by "not-a-virus:AdWare.WinFetcher.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015141.exe infected by "Trojan-Dropper.Win32.Small.ja" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015142.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015143.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015144.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015145.dll infected by "not-a-virus:AdWare.BHO.NoName.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015146.exe infected by "not-a-virus:AdWare.BHO.NoName.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015147.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015148.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015149.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015150.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015151.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{1ECA24BF-88A5-472F-BC0B-42F664D1A3C1}\RP349\A0015152.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP534\A0043567.exe tagged as not-a-virus:RiskWare.Downloader.DigStream. No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP536\A0043624.dll infected by "Trojan-Downloader.Win32.Small.pm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP537\A0043655.dll infected by "Trojan-Downloader.Win32.Small.pm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP539\A0043733.dll infected by "Trojan-Downloader.Win32.Small.pm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP540\A0043736.dll infected by "Trojan-Downloader.Win32.Small.pm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP560\A0046189.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP560\A0046190.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP560\A0046209.rps infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP560\A0046210.rps infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP566\A0046455.dll infected by "Trojan.Win32.StartPage.ld" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP566\A0046456.dll infected by "Trojan.Win32.StartPage.ld" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP574\A0047565.exe infected by "Trojan.Win32.Scapur.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP574\A0047571.dll infected by "not-a-virus:AdWare.PurityScan.s" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP574\A0047572.exe infected by "not-a-virus:AdWare.PurityScan.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP574\A0047755.exe infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047764.exe infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047766.dll infected by "Trojan-Downloader.Win32.Agent.ba" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047767.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047768.exe infected by "Backdoor.Win32.VB.nb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047769.exe infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047770.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047771.exe infected by "Backdoor.Win32.VB.nb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047772.exe infected by "Backdoor.Win32.VB.nb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047773.dll infected by "Trojan-Downloader.Win32.Small.pm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047774.exe infected by "not-a-virus:AdWare.PurityScan.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047775.exe infected by "Backdoor.Win32.VB.nb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047776.exe infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047777.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047778.dll infected by "not-a-virus:AdWare.SaveNow.s" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047779.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{25258E39-376A-4CD8-A459-7F402854E405}\RP575\A0047785.exe infected by "Trojan-Downloader.Win32.VB.dj" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\systb.dll_tobedeleted infected by "not-a-virus:AdWare.ToolBar.ImiBar.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File D:\Direct Connect downloads\Deadaim v4.1\patch.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File D:\Direct Connect downloads\EZ-CreditRepair.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
  • 0

#20
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK good. Using Windows Explorer, navigate to the !Submit folder on the C:\ drive and inside you will find the files removed by TheKillbox - zip them up and send to this e-mail address including a link to this thread in the body of the email. Then delete that folder.

Next follow this sequence:

1. Right-click My Computer>Click Properties>Click the System Restore tab>Check the box next to 'Turn off System Restore on all drives'>Click Apply>Click OK.

2. Reboot.

3. Repeat the process but this time remove the check from the box.

Post a new HJT log when done.
  • 0
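The scan output posted above mixes files that are still active on disk with inert copies held in antivirus quarantine, HijackThis backups, the !Submit folder and System Restore points, which is why the cleanup steps focus on deleting !Submit and flushing System Restore. The following sketch is an added example, not part of any post in this thread: it parses the two line shapes seen in that output and sorts detections by where the file sits. The bucket names and the sample lines (paths, restore GUID) are constructed for illustration.

```python
import re
from collections import Counter

# The two line shapes that appear in the scan output quoted in this thread.
INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>.+)\. (?P<action>.+?)\.$')

# (bucket, path fragment), checked in order against the lower-cased path.
# Bucket names are labels chosen for this example.
LOCATIONS = [
    ("system_restore", "\\system volume information\\_restore{"),
    ("av_quarantine", "\\norton antivirus\\quarantine\\"),
    ("hjt_backup", "\\hijack this\\backups\\"),
    ("killbox_submit", "\\!submit\\"),
]


def parse_line(line):
    """Return a record for one detection line, or None if it is not one."""
    line = line.strip()
    m = INFECTED.match(line) or TAGGED.match(line)
    if not m:
        return None
    path, name = m["path"], m["name"]
    lowered = path.lower()
    bucket = next((b for b, frag in LOCATIONS if frag in lowered), "live")
    return {
        "path": path,
        "name": name,
        "action": m["action"],
        "bucket": bucket,
        # The scanner prefixes adware/riskware verdicts with "not-a-virus:".
        "grayware": name.startswith("not-a-virus:"),
    }


def triage(text):
    """Parse a pasted scan log, skipping lines that are not detections."""
    records = (parse_line(l) for l in text.splitlines())
    return [r for r in records if r is not None]


def summarize(records):
    """Count detections per location bucket."""
    return Counter(r["bucket"] for r in records)


def live_threats(records):
    """Detections outside any holding area that are not adware/riskware."""
    return [r for r in records if r["bucket"] == "live" and not r["grayware"]]


# Constructed sample input in the same format as the log in this thread.
SAMPLE = r"""
File C:\WINDOWS\system32\example1.exe infected by "Backdoor.Win32.VB.oq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0A0A0A0A infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe infected by "Backdoor.Win32.VB.nb" Virus. Action Taken: No Action Taken.
File C:\!Submit\example2.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\HIJACK THIS\backups\backup-00000000-000000-000.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\example3.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
  * 0
"""

if __name__ == "__main__":
    recs = triage(SAMPLE)
    for bucket, count in summarize(recs).most_common():
        print(f"{bucket:15} {count}")
    for r in live_threats(recs):
        print("needs removal:", r["path"], "->", r["name"])
```

Entries in the system_restore bucket are the ones cleared by turning System Restore off and back on, since disabling it deletes the existing restore points.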

#21
BIGROD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I can't get the email to go through because the zip file contains malware.
  • 0

#22
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK don't worry about it. Just delete that folder and complete the rest of my instructions.
  • 0

#23
BIGROD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:19:55 PM, on 5/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Saved files\download\PC fix tools_from geeks2go\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\RODNEY~1.ROB\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#24
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looks better. Click here to make sure that you have the latest Critical Update patches for Windows. It's very important to keep your system up to date to avoid unnecessary security risks.

How is it running now?
  • 0

#25
BIGROD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
It's running a little better now. I don't know though, it might just be me but I still feel like it isn't running at 100%. Web browsing has improved.
  • 0

#26
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Do this to remove the junk from your system. Click here to download System Security Suite. Extract it from the zip file into a folder and double-click on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. Repeat for all log-in accounts on your computer.

Other than that I'm not sure if there's anything more to do - we have removed all the malware from your system. Let me know if you see any improvement after running SSS.
  • 0

#27
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0





