my log [RESOLVED]


#16
hypochondriac

  • Topic Starter
  • Member
  • 15 posts
Right then. After working on it I think I have managed to carry out all your instructions. Thank you for making it clear. When I restarted the computer the trojans disappeared, but now Norton is recognising them again (although not as frequently). Here is my AboutBuster log (I ran it a few times as I had to restart the computer):

AboutBuster 5.0 reference file 28
Scan started on [17/06/2005] at [23:56:16]
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 23:58:22


AboutBuster 5.0 reference file 28
Scan started on [18/06/2005] at [00:00:22]
------------------------------------------------
Removed Stream! C:\WINDOWS\1024 IBM Mechanical.bmp:zkjfyk
Removed Stream! C:\WINDOWS\ODBC.INI:wrjly
Removed Stream! C:\WINDOWS\rhxdg.txt:yojvkw
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:wanagj
Removed Stream! C:\WINDOWS\WindowsUpdate.log:stnqpy
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:bcmfcs
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:bogtei
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:bvlgum
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:bvovkq
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:bwvmgd
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:cbaazv
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:cfnxsr
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:cimxts
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 00:00:55


AboutBuster 5.0 reference file 28
Scan started on [18/06/2005] at [00:42:54]
------------------------------------------------
Removed Stream! C:\WINDOWS\setuplog.txt:iidasz
Removed Stream! C:\WINDOWS\sujbe.txt:dczyrx
Removed Stream! C:\WINDOWS\tabletoc.log:wdrllz
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:cmvfrc
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:cnxplw
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:czyxjr
Removed Stream! C:\WINDOWS\_MSRSTRT.EXE:dbpgig
------------------------------------------------
Removed File! : C:\Windows\cncvp.dat
Removed File! : C:\Windows\lefqc.dat
Removed File! : C:\Windows\System32\fibyy.dll
Removed File! : C:\Windows\System32\kbrea.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 00:44:01


Here is my SPSeHjFix log:

(6/18/05 00:02:36) SPSeHjFix started v1.1.2
(6/18/05 00:02:36) OS: WinXP Service Pack 2 (5.1.2600)
(6/18/05 00:02:36) Language: english
(6/18/05 00:02:36) Win-Path: C:\WINDOWS
(6/18/05 00:02:36) System-Path: C:\WINDOWS\system32
(6/18/05 00:02:36) Temp-Path: C:\DOCUME~1\Joe\LOCALS~1\Temp\
(6/18/05 00:02:37) Disinfection started
(6/18/05 00:02:37) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:02:37) Searchassistant Uninstaller found: Error
(6/18/05 00:02:37) Searchassistant Uninstaller - Keys Deleted
(6/18/05 00:02:37) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:02:37) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:02:37) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\zrelz.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\zrelz.dll/sp.html#37049
(6/18/05 00:02:37) Stealth-String not found
(6/18/05 00:02:37) No locked Files to delete. End without Reboot
(6/18/05 00:02:45) Disinfection started
(6/18/05 00:02:45) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:02:45) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:02:45) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:02:45) Bad IE-pages: (none)
(6/18/05 00:02:45) Stealth-String not found
(6/18/05 00:02:45) No locked Files to delete. End without Reboot
(6/18/05 00:03:06) Disinfection started
(6/18/05 00:03:06) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:03:06) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:06) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:06) Bad IE-pages: (none)
(6/18/05 00:03:06) Stealth-String not found
(6/18/05 00:03:06) No locked Files to delete. End without Reboot
(6/18/05 00:03:06) Disinfection started
(6/18/05 00:03:06) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:03:06) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:06) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:06) Bad IE-pages: (none)
(6/18/05 00:03:06) Stealth-String not found
(6/18/05 00:03:06) No locked Files to delete. End without Reboot
(6/18/05 00:03:07) Disinfection started
(6/18/05 00:03:07) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) Bad IE-pages: (none)
(6/18/05 00:03:07) Stealth-String not found
(6/18/05 00:03:07) No locked Files to delete. End without Reboot
(6/18/05 00:03:07) Disinfection started
(6/18/05 00:03:07) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) Bad IE-pages: (none)
(6/18/05 00:03:07) Stealth-String not found
(6/18/05 00:03:07) No locked Files to delete. End without Reboot
(6/18/05 00:03:07) Disinfection started
(6/18/05 00:03:07) Bad-Dll(IEP): c:\windows\zrelz.dll
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:07) Bad IE-pages: (none)
(6/18/05 00:03:07) Stealth-String not found
(6/18/05 00:03:07) No locked Files to delete. End without Reboot


(6/18/05 00:03:16) SPSeHjFix started v1.1.2
(6/18/05 00:03:16) OS: WinXP Service Pack 2 (5.1.2600)
(6/18/05 00:03:16) Language: english
(6/18/05 00:03:16) Win-Path: C:\WINDOWS
(6/18/05 00:03:16) System-Path: C:\WINDOWS\system32
(6/18/05 00:03:16) Temp-Path: C:\DOCUME~1\Joe\LOCALS~1\Temp\
(6/18/05 00:03:17) Disinfection started
(6/18/05 00:03:17) Bad-Dll(IEP): (not found)
(6/18/05 00:03:17) Bad-Dll(IEP) in BHO: (not found)
(6/18/05 00:03:17) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:17) UBF: 4 - UBB: 0 - UBR: 13
(6/18/05 00:03:17) Bad IE-pages: (none)
(6/18/05 00:03:17) Stealth-String not found
(6/18/05 00:03:17) Not infected->END


(6/18/05 00:47:23) SPSeHjFix started v1.1.2
(6/18/05 00:47:23) OS: WinXP Service Pack 2 (5.1.2600)
(6/18/05 00:47:23) Language: english
(6/18/05 00:47:23) Win-Path: C:\WINDOWS
(6/18/05 00:47:23) System-Path: C:\WINDOWS\system32
(6/18/05 00:47:23) Temp-Path: C:\DOCUME~1\Joe\LOCALS~1\Temp\
(6/18/05 00:47:24) Disinfection started
(6/18/05 00:47:24) Bad-Dll(IEP): c:\windows\system32\kbrea.dll
(6/18/05 00:47:24) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:24) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:24) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL: res://c:\windows\system32\kbrea.dll/sp.html#37049
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\system32\kbrea.dll/sp.html#37049
(6/18/05 00:47:24) Stealth-String not found
(6/18/05 00:47:24) No locked Files to delete. End without Reboot
(6/18/05 00:47:26) Disinfection started
(6/18/05 00:47:26) Bad-Dll(IEP): c:\windows\system32\kbrea.dll
(6/18/05 00:47:26) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:26) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:26) Bad IE-pages: (none)
(6/18/05 00:47:26) Stealth-String not found
(6/18/05 00:47:26) No locked Files to delete. End without Reboot


(6/18/05 00:47:36) SPSeHjFix started v1.1.2
(6/18/05 00:47:36) OS: WinXP Service Pack 2 (5.1.2600)
(6/18/05 00:47:36) Language: english
(6/18/05 00:47:36) Win-Path: C:\WINDOWS
(6/18/05 00:47:36) System-Path: C:\WINDOWS\system32
(6/18/05 00:47:36) Temp-Path: C:\DOCUME~1\Joe\LOCALS~1\Temp\
(6/18/05 00:47:37) Disinfection started
(6/18/05 00:47:37) Bad-Dll(IEP): (not found)
(6/18/05 00:47:37) Bad-Dll(IEP) in BHO: (not found)
(6/18/05 00:47:37) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:37) UBF: 4 - UBB: 0 - UBR: 12
(6/18/05 00:47:37) Bad IE-pages: (none)
(6/18/05 00:47:37) Stealth-String not found
(6/18/05 00:47:37) Not infected->END

I forgot to save the log for Ewido, and as it took so long last time I'll post this now and then go and rescan in safe mode in a minute (as I have been on here all day!).

Here are the results of the online virus scan:

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Saturday, June 18, 2005 15:39:02
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/06/2005
Kaspersky Anti-Virus database records: 126784
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73513
Number of viruses found: 53
Number of infected objects: 5263
Number of suspicious objects: 2
Duration of the scan process: 11210 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\14DB7C1A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14DF2616.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14E25013.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14E57A0F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14E8240C.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14EC4E08.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14EF7804.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14F22201.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\14F54BFD.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14F975FA.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14FC1FF6.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\14FF49F2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\150273EF.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\150947E8.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\150C71E4.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15101BE0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\151345DD.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15166FD9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\151919D6.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\151D43D2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15206DCF.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\152317CB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\152641C7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\152A6BC4.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\152D15C0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15303FBD.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\153369B9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\153713B5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\153A3DB2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\153D67AE.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\154111AB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15443BA7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\154765A3.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\154A0FA0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\154E399C.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15516399.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15540D95.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15573791.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\155B618E.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\155E0B8A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15613587.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15645F83.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1568097F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\156B337C.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15710775.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15753171.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15785B6D.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\157B056A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\157F2F66.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1585035F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15882D5C.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\158C5758.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\158F0154.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\158F37E5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15922B51.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1595554D.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15997F4A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\159C2946.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\159F5342.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15A27D3F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15A6273B.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15A95138.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15AC7B34.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15B02530.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15B34F2D.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15B67929.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15B92326.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15BD4D22.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15C0771E.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15C3211B.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15CA7514.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15CD1F10.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15D37309.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15D71D05.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15DA4702.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\15DD70FE.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15E11AFB.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\15E444F7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15E76EF3.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15EA18F0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15EE42EC.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15F16CE9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15F416E5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15F740E1.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15FB6ADE.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\15FE14DA.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16013ED7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\160468D3.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\160812CF.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\160B3CCC.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\161210C5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16153AC1.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\161864BD.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\161B0EBA.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\161F38B6.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\162262B3.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16250CAF.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\162836AB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\162C60A8.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\162F0AA4.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\163234A1.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16355E9D.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\163C3296.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\163F5C92.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\163F5C92.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1642068F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1646308B.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16495A88.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16502E80.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16560279.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16592C76.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\165D5672.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1660006E.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16632A6B.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16665467.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\166A7E64.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\166D2860.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1670525C.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16772655.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\1681244A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\168A2240.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16942035.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\169E1E2A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16A4724E.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\16A81C1F.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16AE7018.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16B86E0D.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16C26C03.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16C83FFB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16D23DF1.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16D81214.exe Infected: Virus.Win32.Porad.a
C:\Program Files\Norton AntiVirus\Quarantine\16D911E9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16DC3BE6.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16DF65E2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16E30FDF.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16E639DB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16E963D7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16EC0DD4.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16F037D0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16F361CD.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16F60BC9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16F935C5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\16FC5FED.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Norton AntiVirus\Quarantine\16FD5FC2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\170333BB.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17065DB7.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\170A07B3.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\170D31B0.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17105BAC.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\171305A9.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\171305D3.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\171305D3.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\171305D3.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\17172FA5.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\171A59A2.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\171A59CC.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton AntiVirus\Quarantine\171D039E.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17212D9A.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17245797.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17270193.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\172A2B90.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\172D55B7.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Program Files\Norton AntiVirus\Quarantine\17317F88.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\17342985.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\173429AF.cab/farmmext.exe Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\173429AF.cab Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\173429AF.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\173429AF.EXE Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\173429AF.htm Infected: Trojan-Downloader.JS.IstBar.k
C:\Program Files\Norton AntiVirus\Quarantine\17375381.dll Infected: Trojan-Downloader.Win32.Agent.pe
C:\Program Files\Norton AntiVirus\Quarantine\17375381.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\173753AC.exe Infected: Trojan-Downloader.Win32.IstBar.jb
C:\Program Files\Norton AntiVirus\Quarantine\173A7DA8.dll Infected: Trojan-Downloader.Win32.IstBar.ik
C:\Program Files\Norton AntiVirus\Quarantine\173B7D7E.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\Program Files\Norton AntiVirus\Quarantine\173D27A5.exe Infected: Trojan-Downloader.Win32.IstBar.ir
C:\Program Files\Norton AntiVirus\Quarantine\173
  • 0

Advertisements


#17
hypochondriac

finally here is my HJT log
Logfile of HijackThis v1.99.1
Scan saved at 16:25:53, on 18/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Saga\Super Popup Blocker\popkill.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mini Motty\skinkers.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MiniMottyCluster] C:\Program Files\Mini Motty\skinkers.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Killer - {4E977C01-2D5C-11d6-B169-C75E058B1270} - C:\Saga\Super Popup Blocker\popkill.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111319398796
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msks.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

hope you can help

#18
Guest_usetobe_*

Hi Again,

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find: Service: Network Security Service ( 11Fßä#·ºÄÖ`I) .
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the services utility.

Clear out your Norton virus vault (delete them all)

Boot pc into SAFE MODE again.

Rescan with HJT and check the following entries.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msks.exe (file missing)


Ensure no windows open except HJT and click on fix checked

Now with HJT, click on Misc Tools, then click on delete an NT service.

In the popup box copy and paste the below

11Fßä#·ºÄÖ`I

Once that is pasted in the box, put your mouse cursor in front of the first number 1 and press space bar to insert a space.

Then OK it.

Now using Windows Explorer locate the following file and delete it if found.

C:\WINDOWS\msks.exe

Now reboot your pc into normal mode and carry out a free online scan from the link below. Copy the log into your next post with a new HJT log that you need to carry out after the virus scan.

Panda Activescan
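The service singled out in the steps above differs from every other O23 line in the posted HijackThis log in several ways at once. The following is an added example, not part of the original posts and not HijackThis code: a small Python triage of O23 lines. The function names and the four heuristics are assumptions made for illustration, the sample lines are copied from the log in post #17, and the Windows directory is assumed to be C:\WINDOWS as in that log.

```python
import re
from pathlib import PureWindowsPath

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# Sample O23 lines copied from the HijackThis log in post #17.
SAMPLE_LOG = r"""
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msks.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""


def parse_o23(line):
    """Split one O23 line into service name, owner, path and a missing-file flag.

    Returns None for anything that is not a well-formed O23 line.
    """
    line = line.rstrip("\r\n")
    if not line.startswith(O23_PREFIX):
        return None
    # Owner and path are the last two " - " separated fields; the display
    # label in front of them may itself contain punctuation.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    # The short service name is the trailing "(...)" of the label when present.
    # It is kept byte-for-byte, including a leading space, because that exact
    # string is what a service-deletion tool has to be given.
    match = re.search(r"\(([^()]*)\)\s*$", label)
    name = match.group(1) if match else label
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def reasons_for(entry):
    """Return the heuristic reasons (illustrative, not exhaustive) to review a service."""
    reasons = []
    if entry["owner"] == "Unknown owner":
        reasons.append("unknown owner")
    if entry["missing"]:
        reasons.append("file missing")
    name = entry["name"]
    # Legitimate short names in this log are plain ASCII with no padding.
    if name != name.strip() or not re.fullmatch(r"[A-Za-z0-9_. -]+", name):
        reasons.append("unusual service name")
    # Assumption: services normally live under system32 or Program Files,
    # not directly in the Windows directory itself.
    if str(PureWindowsPath(entry["path"]).parent).lower() == r"c:\windows":
        reasons.append("binary in Windows root")
    return reasons


def triage(log_text):
    """Return [(service_name, reasons)] for every O23 entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(repr(name), "->", ", ".join(reasons))
```

The leading space preserved in the reported name is the same space the instructions above ask to be typed in front of the pasted service name.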

#19
hypochondriac

OK, I have done as you suggest. Here is the log of the virus scan:

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\exclean.exe
Adware:Adware/nCase No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Program Files\C2Media
Adware:Adware/PowerScan No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/CWS.HomeSearchAsisstant No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\KNOBBENDANTIBURN\64 Long.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\KNOBBENDANTIBURN\surfmess.exe
Adware:Adware/Lop No disinfected C:\HJT\backups\backup-20050529-194918-146.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\addtn32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\addtw.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apijc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiqi32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\apivk.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\apppn32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appry.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appud32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\atlei32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atllc32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\atltc32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\crbj.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\crib.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crjn.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\crwl.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\d3cm.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ou.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\d3ov32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\d3rx32.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\ietf.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipou.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iprf32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iptb32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\ipzi.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javavi.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javawh.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcgb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfckk.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\mfcsc32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcvz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcxn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcxy.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msbl32.exe
Virus:Trj/Clicker.GN Disinfected C:\WINDOWS\mshhnt.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msij.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\msyq32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\ntcf32.dll
Adware:Adware/DownloadWare No disinfected C:\WINDOWS\ntjg.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\nttd32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ifbcih.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_kpbhce.log
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_skaxty.log
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ynlnga.log
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkry32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysao32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysdm32.exe
Adware:Adware/DownloadWare No disinfected C:\WINDOWS\system32\addfg32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addjy.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\addpm32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\addwy.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\apiep.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\apity.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\appda32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\apphc.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apphd.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\apppl.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\appvm.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\appwy32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\atles32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\atllo32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\atlvf32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\crdd.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crhx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crpy32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\crth.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3iu.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\d3ja32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3ko.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3lx.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\d3nw32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3rh32.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exclean.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ieba32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\iehl32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\iert.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ieyp32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\iezv32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ipjl.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ipot.exe
Adware:Adware/DownloadWare No disinfected C:\WINDOWS\system32\javapa.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[msbe.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[Uninstall.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[bargains.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adv.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adx.exe]
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\mfckd.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\mfcod.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\msej.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mshz32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\msne.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\msta32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\netoe32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netol.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\netrn32.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\ntaa.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ntia.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ntjn.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ntnx32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\ntoy32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\sdkqb32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\sysff32.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx0.nls
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx1.nls
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx1x.nls
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\winqx32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winun32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winxa.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysyi.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winbc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winpm32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winra32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winre.exe
and here is the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 19:49:18, on 18/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Saga\Super Popup Blocker\popkill.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mini Motty\skinkers.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MiniMottyCluster] C:\Program Files\Mini Motty\skinkers.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Killer - {4E977C01-2D5C-11d6-B169-C75E058B1270} - C:\Saga\Super Popup Blocker\popkill.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111319398796
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#20
Guest_usetobe_*

Guest_usetobe_*
  • Guest
I need you to copy all of the Killbox file paths below and paste them into Notepad.

C:\WINDOWS\system32\exclean.exe
C:\Program Files\C2Media
C:\Program Files\cxtpls
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\inf\farmmext.inf
C:\WINDOWS\inf\ceres.inf
C:\Documents and Settings\All Users\Application Data\KNOBBENDANTIBURN\64 Long.exe
C:\Documents and Settings\All Users\Application Data\KNOBBENDANTIBURN\surfmess.exe
C:\HJT\backups\backup-20050529-194918-146.dll
C:\WINDOWS\addtn32.dll
C:\WINDOWS\addtw.dll
C:\WINDOWS\apijc.exe
C:\WINDOWS\apiqi32.exe
C:\WINDOWS\apivk.dll
C:\WINDOWS\apppn32.dll
C:\WINDOWS\appry.exe
C:\WINDOWS\appud32.exe
C:\WINDOWS\atlei32.dll
C:\WINDOWS\atllc32.exe
C:\WINDOWS\crbj.dll
C:\WINDOWS\crjn.exe
C:\WINDOWS\crwl.dll
C:\WINDOWS\d3cm.dll
C:\WINDOWS\d3ou.exe
C:\WINDOWS\d3ov32.dll
C:\WINDOWS\d3rx32.dll
C:\WINDOWS\farmmext.ini
C:\WINDOWS\ietf.dll
C:\WINDOWS\inf\ceres.inf
C:\WINDOWS\inf\farmmext.inf
C:\WINDOWS\ipou.exe
C:\WINDOWS\iprf32.exe
C:\WINDOWS\iptb32.exe
C:\WINDOWS\ipzi.dll
C:\WINDOWS\javavi.exe
C:\WINDOWS\javawh.exe
C:\WINDOWS\mfcgb32.exe
C:\WINDOWS\mfckk.exe
C:\WINDOWS\mfcsc32.dll
C:\WINDOWS\mfcvz.exe
C:\WINDOWS\mfcxn.exe
C:\WINDOWS\mfcxy.exe
C:\WINDOWS\msbl32.exe
C:\WINDOWS\mshhnt.exe
C:\WINDOWS\msij.exe
C:\WINDOWS\msyq32.dll
C:\WINDOWS\ntcf32.dll
C:\WINDOWS\ntjg.dll
C:\WINDOWS\nttd32.exe
C:\WINDOWS\n_ifbcih.txt
C:\WINDOWS\n_kpbhce.log
C:\WINDOWS\n_skaxty.log
C:\WINDOWS\n_ynlnga.log
C:\WINDOWS\sdkry32.exe
C:\WINDOWS\sysao32.exe
C:\WINDOWS\sysdm32.exe
C:\WINDOWS\system32\addfg32.dll
C:\WINDOWS\system32\addjy.exe
C:\WINDOWS\system32\addpm32.dll
C:\WINDOWS\system32\addwy.dll
C:\WINDOWS\system32\apiep.dll
C:\WINDOWS\system32\apity.dll
C:\WINDOWS\system32\appda32.exe
C:\WINDOWS\system32\apphc.dll
C:\WINDOWS\system32\apphd.exe
C:\WINDOWS\system32\apppl.exe
C:\WINDOWS\system32\appvm.exe
C:\WINDOWS\system32\appwy32.dll
C:\WINDOWS\system32\atles32.exe
C:\WINDOWS\system32\atllo32.dll
C:\WINDOWS\system32\atlvf32.dll
C:\WINDOWS\system32\crdd.dll
C:\WINDOWS\system32\crhx32.exe
C:\WINDOWS\system32\crpy32.exe
C:\WINDOWS\system32\crth.dll
C:\WINDOWS\system32\d3iu.exe
C:\WINDOWS\system32\d3ja32.dll
C:\WINDOWS\system32\d3ko.exe
C:\WINDOWS\system32\d3lx.exe
C:\WINDOWS\system32\d3nw32.dll
C:\WINDOWS\system32\d3rh32.exe
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\system32\ieba32.dll
C:\WINDOWS\system32\iehl32.dll
C:\WINDOWS\system32\iert.dll
C:\WINDOWS\system32\ieyp32.exe
C:\WINDOWS\system32\iezv32.dll
C:\WINDOWS\system32\ipjl.dll
C:\WINDOWS\system32\ipot.exe
C:\WINDOWS\system32\javapa.dll
C:\WINDOWS\system32\mac80ex.idf
C:\WINDOWS\system32\mac80ex.idf[msbe.dll]
C:\WINDOWS\system32\mac80ex.idf[Uninstall.exe]
C:\WINDOWS\system32\mac80ex.idf[bargains.exe]
C:\WINDOWS\system32\mac80ex.idf[adv.exe]
C:\WINDOWS\system32\mac80ex.idf[adx.exe]
C:\WINDOWS\system32\mfckd.dll
C:\WINDOWS\system32\mfcod.dll
C:\WINDOWS\system32\msej.exe
C:\WINDOWS\system32\mshz32.exe
C:\WINDOWS\system32\msne.dll
C:\WINDOWS\system32\msta32.exe
C:\WINDOWS\system32\netoe32.dll
C:\WINDOWS\system32\netol.exe
C:\WINDOWS\system32\netrn32.exe
C:\WINDOWS\system32\netut80ex.vxd
C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]
C:\WINDOWS\system32\ntaa.exe
C:\WINDOWS\system32\ntia.dll
C:\WINDOWS\system32\ntjn.dll
C:\WINDOWS\system32\ntnx32.dll
C:\WINDOWS\system32\ntoy32.dll
C:\WINDOWS\system32\sdkqb32.dll
C:\WINDOWS\system32\sysff32.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\vx0.nls
C:\WINDOWS\system32\vx1.nls
C:\WINDOWS\system32\vx1x.nls
C:\WINDOWS\system32\winqx32.dll
C:\WINDOWS\system32\winun32.exe
C:\WINDOWS\system32\winxa.exe
C:\WINDOWS\sysyi.dll
C:\WINDOWS\winbc.exe
C:\WINDOWS\winpm32.exe
C:\WINDOWS\winra32.exe
C:\WINDOWS\winre.exe


* Please download the Killbox by Option^Explicit (http://www.bleepingc...es/killbox.php). *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Then carry out a fresh HJT log and post it back
  • 0

#21
hypochondriac

hypochondriac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
when I click on the red X it says verifying registry entries please wait then it says pendingfilerenameoperations registry data has been removed by external process!
  • 0

#22
Guest_usetobe_*

Guest_usetobe_*
  • Guest
click on no or ok, whichever you get
  • 0

#23
hypochondriac

hypochondriac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
what and then just restart?
  • 0

#24
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Yep reboot pc then rescan with HJT and post the log back
  • 0

#25
hypochondriac

hypochondriac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
here is my log after restart

Logfile of HijackThis v1.99.1
Scan saved at 22:42:22, on 18/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Saga\Super Popup Blocker\popkill.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mini Motty\skinkers.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\TDK Systems\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MiniMottyCluster] C:\Program Files\Mini Motty\skinkers.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Program Files\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\TDK Systems\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Killer - {4E977C01-2D5C-11d6-B169-C75E058B1270} - C:\Saga\Super Popup Blocker\popkill.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111319398796
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\TDK Systems\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



#26
Guest_usetobe_*

Guest_usetobe_*
  • Guest
From your log, I see nothing in the ways of trojans, nor any evil entities attempting to possess your computer, except for Windows but it's too late for that one. :tazz:

Congratulations, your log now appears to be clean. ;)

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article, "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."
  • 0

#27
hypochondriac

hypochondriac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thank you very much! I do possess much of that but I shall read the articles and download the stuff I do not have. I really appreciate your time and will seriously consider donating to you (once I get my finances in order!) thanks again
  • 0

#28
Guest_usetobe_*

Guest_usetobe_*
  • Guest
You are very welcome, glad to be of assistance.

Happy Safe Surfing
  • 0

#29
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





