of course, aurora [RESOLVED]



#16
stantie06

  • Topic Starter
  • Member
  • 26 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:16:24 PM, on 7/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\mebtluz.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\apcups53.exe
C:\WINDOWS\System32\SMBsvs.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\_pnd_71Kc0.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [601760775423] C:\WINDOWS\System32\apcups53.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [HUB service] SMBsvs.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebgl32.exe
O4 - HKLM\..\Run: [_pnd_Panda Antivirus] C:\WINDOWS\System32\_pnd_MXU9r.exe -svc
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [HUB service] SMBsvs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121057390639
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\rrpwsx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
  • 0



#17
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

I noticed that your HiJackthis.exe is located on your desktop, make sure to save HijackThis in its own folder (i.e. C:\HJT). This is very important, so HiJackThis can save backups!


DOWNLOAD PROGRAMS


Please download the trial version of Ewido Security Suite Here
Install it, and update the definitions to the newest files. Do NOT run a scan yet. (if you already have, please just update)

Please download Nailfix from Here
click nailfix.exe and choose install, a new folder will be created on your desktop named nailfix
please do NOT run it yet.

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Download LQfix Here
save it to your desktop, please do not use yet


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)

C:\WINDOWS\Nail.exe

6. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

7. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

8. Close all browsers, windows and unneeded programs.

9. Open HiJack and do a scan.

10. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [601760775423] C:\WINDOWS\System32\apcups53.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [HUB service] SMBsvs.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebgl32.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunServices: [HUB service] SMBsvs.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\rrpwsx.dll


11. Click the Fix Checked box

12. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Blubster <====Optional: Blubster is a file-sharing program which, being ad-based, includes "Cy-door" adware. Also a known source of infections, which more than likely caused your problems. P2P Article


13. Please remove the following folders using Windows Explorer (if present):

C:\WINDOWS\System32\vidctrl
C:\Program Files\Cas
C:\Program Files\Blubster <====Optional See above


14. Please remove just the files from the following paths using Windows Explorer (if present):

c:\windows\system32\mebtluz.exe
C:\WINDOWS\System32\apcups53.exe
C:\WINDOWS\System32\SMBsvs.exe
C:\WINDOWS\System32\_pnd_71Kc0.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\wupdt.exe
D0CE0C16B1 <======Start>Search for this
C:\WINDOWS\system32\rrpwsx.dll
C:\WINDOWS\cfgmgr52.dll


15. Double click on the LQFix program you downloaded.
A DOS window will open and close again, this is normal.

16. Run the program CleanUp!

17. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

18. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0
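Added example (not part of Excal's post and not code from HijackThis): a Python script for the check behind step 18, parsing HijackThis entry lines and comparing the step 10 fix list against a fresh log to see which entries are gone, which survived unchanged, and which autorun value names came back pointing at a different file. The fix-list lines are copied from the post above; the fresh log, including the `placeholder.exe` path, is constructed sample data, and all function names are assumptions of this example.

```python
import re

# A HijackThis entry line is "<section code> - <body>",
# e.g. "O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Body of a registry autorun (O4) entry: "<location>: [<value name>] <command>".
AUTORUN_RE = re.compile(
    r"^(?P<location>[^:]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$"
)


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not hide a match."""
    return " ".join(line.split()).lower()


def parse_log(text):
    """Return one dict per entry line; header and running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        entry = {"code": match["code"], "line": line, "key": normalize(line)}
        if entry["code"] == "O4":
            autorun = AUTORUN_RE.match(match["body"])
            if autorun:  # "Global Startup" shortcuts have no [name] and are skipped here
                entry["location"] = normalize(autorun["location"])
                entry["name"] = normalize(autorun["name"])
                entry["command"] = autorun["command"]
        entries.append(entry)
    return entries


def check_fix(fix_text, fresh_text):
    """Classify each fix-list entry as 'exact', 'renamed' or 'removed' in the fresh log.

    'renamed' means the same Run key and value name are present with another
    command, which is how a re-created autorun with a new file name shows up.
    """
    fresh = parse_log(fresh_text)
    exact_keys = {e["key"] for e in fresh}
    autoruns = {(e["location"], e["name"]) for e in fresh if "name" in e}
    results = []
    for entry in parse_log(fix_text):
        if entry["key"] in exact_keys:
            status = "exact"
        elif "name" in entry and (entry["location"], entry["name"]) in autoruns:
            status = "renamed"
        else:
            status = "removed"
        results.append((status, entry["line"]))
    return results


# Four of the entries checked in step 10 of the post above.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HUB service] SMBsvs.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\rrpwsx.dll
"""

# Constructed sample of a post-fix log (not from the thread).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HUB service] C:\WINDOWS\System32\placeholder.exe
O20 - Winlogon Notify:  IPConfTSP - c:\windows\system32\rrpwsx.dll
"""

if __name__ == "__main__":
    for status, line in check_fix(FIX_LIST, FRESH_LOG):
        print(f"{status:8} {line}")
```

Matching O4 entries on the value name as well as the full line matters for logs like the one in post #16, where the `_pnd_` Run entry and the running `_pnd_` process carry different file names.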

#18
stantie06

  • Topic Starter
  • Member
  • 26 posts
Activescan report:

Incident Status Location

Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rrpwsx.dll
Virus:Trj/Daemonize.AC Disinfected Operating system
Adware:Adware/Transponder No disinfected c:\windows\system32\xsguis.exe
Adware:Adware/Transponder No disinfected c:\windows\system32\ubwfxt.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\System32\sysfile.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\saie_*.dat
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/BookedSpace No disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\bs*.tmpbsx32
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\svchost.exe
Adware:Adware/Apropos No disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\cfout.txt
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos
Adware:Adware/IEDriver No disinfected C:\WINDOWS\System32\Searchx.htm
Adware:Adware/IPInsight No disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\alchem.???
Adware:Adware/Look2Me No disinfected C:\WINDOWS\System32\guard.tmp
Spyware:Spyware/Media-motor No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\System32\stlb2.xml
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\System32\lmf32v.dll
Adware:Adware/Transponder No disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\DrTemp
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\alchem.ini
Adware:Adware/eZula No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\bs59F.tmpbsx32\earn.exe
Virus:W32/Sdbot.CEH.worm Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\mneeok.exe
Virus:Backdoor Program Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\qjiacp.exe
Possible Virus. No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ssvchst.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8F97
Adware:Adware/Gator No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\trickler_4010.ex_
Adware:Adware/Gator No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\trickler_4010.ex_[trickler_4010.exe]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3I1I7GDW\upd207[1].exe
Possible Virus. No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3I1I7GDW\web[1].exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\Program Files\Cas\Client\Uninstall.exe
Adware:Adware/Envolo No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06052005154825496093.asw
Virus:Trj/Downloader.AYV Disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0626200512009057406.asw
Adware:Adware/nCase No disinfected C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0626200512009058515.asw
Adware:Adware/AdBehavior No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\00E89273-006E-42BC-BA9D-4943E6.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\01E97862-624C-43AC-B916-63E0CE.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\0DC6D7BC-5862-48B2-A053-0B2790.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\0EB0A4A2-F509-445B-9E07-E6F740.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\103C9122-ADCB-47FE-BA0A-A0437D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\10BA6C3C-CCA4-4616-9E86-7C29B8.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\10C8EFD4-4C17-4C05-AE1C-CD50E4.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\155A717B-7CB5-498B-B30C-0A3E91.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\17193B8E-A9EA-4376-BA09-F72F3A.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\17A7B84B-9094-4A79-B183-D70DE7.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\17C8BFE5-D9EA-4D9D-BE53-E2F04D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1B0AB3F7-4905-4A1D-A8E9-23BBF0.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1C1730FF-16A4-4C1A-A4A1-F468EA.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1DABDA07-DC08-4C93-A0C4-665ED2.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1E6C34AB-8668-473D-8957-2B4F37.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1EDA140D-9D85-46AE-8B83-EA2E13.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1EEF0BA0-719D-4867-B5B9-C2A827.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1F2443E4-AD03-4098-A56E-EC8F88.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1F3CD225-1056-40DA-BFB3-C06F97.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1F44E6E4-E2A4-4223-96E9-BD0737.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\1FFF9ECD-A53B-4342-B455-06E2D8.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2403AF7B-60F7-49D9-B488-941E4E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\248D5A8A-92C9-4F05-9FA5-E37303.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\26642D5A-F143-4994-88AF-408D75.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\289C81FD-1D2B-47E2-A361-367D31.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\29DE7383-6530-48AE-97F9-3D6A9E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2B0A1DBC-1038-4751-89A5-0E1A8B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2BB527D5-27BE-4CFB-8312-C8A7FF.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\2C758BE8-AC0D-4A1C-8687-F54698.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3490CE00-3427-4DE8-B252-21673A.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\35A5E08F-D060-44C1-BF5A-809090.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\38F6215C-5541-4BF0-A120-CF7BA9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\39C0AA1A-8E0B-4375-938F-68E0C9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3B0B4CFF-6757-4AB2-ACA0-456CA2.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3BD585C8-473C-468F-8320-9FADCB.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3E8BD4E3-8684-4DB5-BE2B-3B8692.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3F334551-6091-4AFF-A001-837A76.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\3F653FAC-DB9B-44E1-ACFD-646720.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\411A13E3-E5D3-414F-BC84-0A152F.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4296482B-F75E-4C4E-9DB1-854A3C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\445256DF-F6B7-4EA6-93F9-D9932C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\45D6CC6C-9583-4B42-AC7F-6A78DC.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\46B37495-948C-4E28-B481-448FAC.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\49537ECE-F2F9-4EB1-9E8A-2D7091.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4B86CF13-6080-4442-BBED-DF805D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4D3C4DAD-C288-430B-8921-702A9B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4DBFBE61-4EA8-41A9-B222-300F21.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5004E604-67BD-425B-816F-4BBB9D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\52A6899E-23EA-4581-8B9E-136584.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\542C0945-1C39-4FCC-90CF-446EBF.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5465302D-5F0E-4C39-8EB9-AD96F8.asq
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\56D90580-788A-4AFC-B6B1-D0FE91.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\5C124E0B-4B7C-47E8-B9F6-5A9C9D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\60074CCF-68CC-42CC-AD18-758A94.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\633CDD51-ED0E-42F4-ABE0-3B779C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6491A60E-988D-44FE-ABDC-F702BD.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\65E4E9D1-BF27-4AF1-B7A0-71ACF9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\66D18A61-3F55-465B-BCC3-27BD37.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\66E65D54-6B73-49C8-A34F-377794.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6A34691C-CA4E-4D06-8EB4-3EDF85.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6A8DC919-AB77-4D53-8A44-8CB4C2.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6B863645-E91A-4953-860A-F5CD33.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6BD489F3-5807-4E9E-9E27-010819.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6DF968B9-E3FE-4148-B3C2-DA21F9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\719D59E1-5F23-4A98-B932-176FF3.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\71D73E97-CC04-4652-8344-A1F3F6.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\734C78C7-23FD-4707-963B-806D9A.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\76ABD723-8D36-41D4-8EA8-80AA39.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7AF19DC2-9FA9-49DD-A189-96961C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7C02DC84-BDA6-4C54-9EBF-46557E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\7CE45E6A-BCC0-4D25-B75E-EFB93A.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\81340AFB-5F18-4B54-A243-9C8C0C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\81A7FC72-DDC2-4B45-B643-3AE5E5.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8361B31A-5B43-4631-B3FF-ED2088.asq
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\84BA3C54-868C-42A7-A86E-069D37.asq
Adware:Adware/AdBehavior No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\85624AD1-CDEF-4B68-B8AB-5E8626.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\85BF242F-C202-4C20-890E-DA183D.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\87E1C78F-7238-42C3-B79E-55B7EE.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8EA29F17-5AB2-4298-A296-7DB79B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8EF49C94-50F6-4BDB-9DAA-637FBA.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8F98EB64-F0E6-4040-9927-0132EE.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\8FC3F987-DED3-487E-A40B-828918.asq
Adware:Adware/AdBehavior No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9033764E-6142-409E-9936-7AABEA.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\92B2B9B5-65EC-47B6-BB2F-BE54DF.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\97E33C46-E934-4326-99A0-59CDC9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\98BACF56-CA08-4E26-9699-4C7D79.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9A56DBD9-E0DB-47D1-8FF5-818135.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9D4E092D-0CE8-4768-A172-BFB35E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9D6A6BDA-7F7D-4EC3-AC8E-4146A7.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9E172C0C-F19E-4A40-9569-41D5E3.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\9E508B0E-5B47-47D7-B6AA-F2C989.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A4C44F2E-235E-41FC-8B66-C9D57F.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A5E81D67-EC3E-48ED-AA27-DD230B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A7C22EFE-2ECE-4F06-AE20-F01808.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A8353EC4-2DEC-46B5-8F45-3313B2.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A9096C05-CB64-456A-AA61-34CF81.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\A9E79313-7339-48AF-B845-907E19.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\ACFC7C83-1E82-4471-89DF-F3FBC4.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\AFAF7057-314F-49B4-865B-4A90C6.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B050E88F-606D-4838-8ADF-DF50B5.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B81C197D-F517-485B-BB2D-717AB8.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\B8F80A41-34F2-4515-99C1-3D9427.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BA1D416E-9AD4-4E8D-8664-0F4464.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BC32D529-F090-4F25-ABDD-A37E1E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BC50DF82-7782-44A4-A6B6-22A429.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BD446874-B485-4E7E-8046-B3765E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\BE31CE16-E808-46EE-A593-FBCBAC.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C08EB523-7C4B-482A-B6C6-D61431.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C0FB9304-40CD-4246-B6E7-17000E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C6AD12D8-E6AC-43F0-BBF2-F28A92.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C726C1DF-3F63-4D39-A3BA-245B80.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C72AF5C2-2483-49F9-8FF8-8EA53E.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\C9A4C67C-0308-41FA-B81A-01D134.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\CC02E77E-C833-4225-AC02-80A6E3.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\CD65C34D-D128-45B6-9859-809A98.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\CE6B0CD7-F570-48FA-82D0-F84F37.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D4E11CD6-72DD-403A-93A3-64CB8B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D5F7DFFD-A824-458E-95C5-A7003B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D8245D23-2C2A-4D9D-8933-C1C819.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D848E9EF-E65F-4E7B-A5BC-866A04.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D95BA1C9-0AF6-4F2A-8238-AA5B6C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\DCA53AA9-5853-490A-8987-15AEC3.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E2E2D3D3-C4E3-4439-8AC5-7C31D5.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E3E03E8A-2133-476B-AAE4-1280F4.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\E61F1831-7E4B-4EFA-99A0-D0BD3C.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EA1608B8-0CAD-4CF6-939C-A67F85.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\EA97D30B-FC25-4B50-B89A-02734B.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F2D39718-1EBB-45AC-BADC-57B596.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F3B6C277-68D3-4753-9130-8B4E50.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F53E7F14-6CF5-4543-9B39-19F6EF.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F54D9EBA-D090-4AC0-885F-5AD130.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\FA12C9B1-9E36-4059-85F8-3A23B9.asq
Virus:Bck/Agent.K Disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\FE568D2D-FFD6-402B-9EEB-D7CD25.asq
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\8BC1C7FE-B76A-4AD6-9C52-A4DAD0
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\A83E0671-AE26-4FA2-94A1-E5965A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\AD4977F4-5A08-4E7E-A43F-F9B82E
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\AD841373-A60E-4500-973E-068457
Adware:Adware/ConsumerAlertSystem No disinfected C:\RECYCLER\S-1-5-21-2888137882-1294642078-4094575798-1003\Dc126.exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\RECYCLER\S-1-5-21-2888137882-1294642078-4094575798-1003\Dc127.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\180searchScreenSaver.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\2504040824.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\49gh43sd.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\77_350_i.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ezStub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMedia-350.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\omni2.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup339.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_25040.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Virus:Bck/Agent.K Disinfected C:\WINDOWS\svchost.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\ayjjquu.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\Cache\Installer.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\fmvafs.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp

#19
stantie06

rest of activescan:

Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\khdjwov.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\ktokil.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\lbkbyp.exe
Spyware:Spyware/LinkReplacer No disinfected C:\WINDOWS\system32\lmf32v.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\mebtluz.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\nsldwqm.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\okduyw.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\phjvqsf.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\qiljst.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\qszbetu.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\rhcepm.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rrpwsx.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\saie_gdf.dat
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Searchx.htm
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\sexqogu.exe
Virus:W32/Sdbot.CEH.worm Disinfected C:\WINDOWS\system32\SMBsvs.exe
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\sysfile.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\tlgwljv.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\ubwfxt.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\uvxypb.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\vqvpk.dat
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\xfxzgar.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\xsguis.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\yseotf.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\zevljc.exe
Virus:Trj/Daemonize.AC Disinfected C:\WINDOWS\system32\_pnd_7swDR.dll
Virus:Trj/Daemonize.AC Disinfected C:\WINDOWS\system32\_pnd_B2G3g.exe
Virus:Trj/Daemonize.AC Disinfected C:\WINDOWS\system32\_pnd_cZzu4.dll
Virus:Trj/Daemonize.AC Disinfected C:\WINDOWS\system32\_pnd_ISp78.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\__delete_on_reboot__ef.dll
Adware:Adware/ConsumerAlertSystem No disinfected C:\WINDOWS\Temp\cassetup.exe
Virus:Trj/Delmed.A Disinfected C:\WINDOWS\Temp\s030109.Stub.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Temp\upd207.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\Temp\wrapperouter.exe

hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:59:29 PM, on 7/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
c:\windows\system32\qszbetu.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\b.com
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [atgbwyh] c:\windows\system32\qszbetu.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121057390639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\sbayerxp.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

#20
stantie06

Oh, and I can't get the Ewido to stop popping up telling me that infected objects have been found (adware.betterinternet). It says clean and I hit OK, then it pops up again and again... I just push the window off to the side and work around it.


Also, for step 10, I couldn't find the following listed...

O2 - BHO: band class - {} etc....
O4 - HKLM\..run\: [win server updt] C:\windows\wupdt.exe
O4 - winlogon notfy: IPconftsp - etc...


I also didn't totally understand steps 13 & 14.

Everything else went just fine.

Edited by stantie06, 11 July 2005 - 06:02 PM.


#21
Excal

You have the latest version of VX2. Download L2mfix from one of these two locations:
  • One
  • Two
  • Save the file to your desktop.
  • Close any programs you have open, since this step requires a reboot.
  • From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter.
  • Press any key to reboot your computer.
  • After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log.
  • Copy the contents of the log and paste it back into this thread, along with a new HijackThis log, and we'll clean up what's left.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#22
stantie06

L2Mfix 1.03

Running From:
C:\Documents and Settings\Owner\Desktop\L2mfix\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Owner\Desktop\L2mfix\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Owner\Desktop\L2mfix\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1048 'explorer.exe'
Killing PID 1048 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1432 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\ewts.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ewts.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jhcript.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jhcript.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kwdbene.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpcndmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mpcndmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mrg4dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mrg4dmod.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rrpwsx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rrpwsx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sbayerxp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sbayerxp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\thappcmp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\thappcmp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\ewts.dll
Successfully Deleted: C:\WINDOWS\system32\ewts.dll
deleting: C:\WINDOWS\system32\ewts.dll
Successfully Deleted: C:\WINDOWS\system32\ewts.dll
deleting: C:\WINDOWS\system32\jhcript.dll
Successfully Deleted: C:\WINDOWS\system32\jhcript.dll
deleting: C:\WINDOWS\system32\jhcript.dll
Successfully Deleted: C:\WINDOWS\system32\jhcript.dll
deleting: C:\WINDOWS\system32\kwdbene.dll
Successfully Deleted: C:\WINDOWS\system32\kwdbene.dll
deleting: C:\WINDOWS\system32\kwdbene.dll
Successfully Deleted: C:\WINDOWS\system32\kwdbene.dll
deleting: C:\WINDOWS\system32\mpcndmgr.dll
Successfully Deleted: C:\WINDOWS\system32\mpcndmgr.dll
deleting: C:\WINDOWS\system32\mpcndmgr.dll
Successfully Deleted: C:\WINDOWS\system32\mpcndmgr.dll
deleting: C:\WINDOWS\system32\mrg4dmod.dll
Successfully Deleted: C:\WINDOWS\system32\mrg4dmod.dll
deleting: C:\WINDOWS\system32\mrg4dmod.dll
Successfully Deleted: C:\WINDOWS\system32\mrg4dmod.dll
deleting: C:\WINDOWS\system32\rrpwsx.dll
Successfully Deleted: C:\WINDOWS\system32\rrpwsx.dll
deleting: C:\WINDOWS\system32\rrpwsx.dll
Successfully Deleted: C:\WINDOWS\system32\rrpwsx.dll
deleting: C:\WINDOWS\system32\sbayerxp.dll
Successfully Deleted: C:\WINDOWS\system32\sbayerxp.dll
deleting: C:\WINDOWS\system32\sbayerxp.dll
Successfully Deleted: C:\WINDOWS\system32\sbayerxp.dll
deleting: C:\WINDOWS\system32\thappcmp.dll
Successfully Deleted: C:\WINDOWS\system32\thappcmp.dll
deleting: C:\WINDOWS\system32\thappcmp.dll
Successfully Deleted: C:\WINDOWS\system32\thappcmp.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: ewts.dll (208 bytes security) (deflated 48%)
adding: jhcript.dll (208 bytes security) (deflated 48%)
adding: kwdbene.dll (208 bytes security) (deflated 48%)
adding: mpcndmgr.dll (208 bytes security) (deflated 48%)
adding: mrg4dmod.dll (208 bytes security) (deflated 48%)
adding: rrpwsx.dll (208 bytes security) (deflated 48%)
adding: sbayerxp.dll (208 bytes security) (deflated 48%)
adding: thappcmp.dll (208 bytes security) (deflated 48%)
adding: guard.tmp (208 bytes security) (deflated 48%)
adding: clear.reg (208 bytes security) (deflated 37%)
adding: echo.reg (208 bytes security) (deflated 11%)
adding: direct.txt (208 bytes security) (deflated 4%)
adding: lo2.txt (208 bytes security) (deflated 83%)
adding: readme.txt (208 bytes security) (deflated 49%)
adding: test.txt (208 bytes security) (deflated 85%)
adding: test2.txt (208 bytes security) (deflated 17%)
adding: test3.txt (208 bytes security) (deflated 17%)
adding: test5.txt (208 bytes security) (deflated 17%)
adding: xfind.txt (208 bytes security) (deflated 82%)
adding: backregs/242DA79B-14B4-403F-9374-F09A8AE481A8.reg (208 bytes security) (deflated 70%)
adding: backregs/shell.reg (208 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: ewts.dll
deleting local copy: ewts.dll
deleting local copy: jhcript.dll
deleting local copy: jhcript.dll
deleting local copy: kwdbene.dll
deleting local copy: kwdbene.dll
deleting local copy: mpcndmgr.dll
deleting local copy: mpcndmgr.dll
deleting local copy: mrg4dmod.dll
deleting local copy: mrg4dmod.dll
deleting local copy: rrpwsx.dll
deleting local copy: rrpwsx.dll
deleting local copy: sbayerxp.dll
deleting local copy: sbayerxp.dll
deleting local copy: thappcmp.dll
deleting local copy: thappcmp.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ewts.dll
C:\WINDOWS\system32\ewts.dll
C:\WINDOWS\system32\jhcript.dll
C:\WINDOWS\system32\jhcript.dll
C:\WINDOWS\system32\kwdbene.dll
C:\WINDOWS\system32\kwdbene.dll
C:\WINDOWS\system32\mpcndmgr.dll
C:\WINDOWS\system32\mpcndmgr.dll
C:\WINDOWS\system32\mrg4dmod.dll
C:\WINDOWS\system32\mrg4dmod.dll
C:\WINDOWS\system32\rrpwsx.dll
C:\WINDOWS\system32\rrpwsx.dll
C:\WINDOWS\system32\sbayerxp.dll
C:\WINDOWS\system32\sbayerxp.dll
C:\WINDOWS\system32\thappcmp.dll
C:\WINDOWS\system32\thappcmp.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{1DF4B455-8513-400A-93EA-D7EF95B8C144}"=-
"{242DA79B-14B4-403F-9374-F09A8AE481A8}"=-
[-HKEY_CLASSES_ROOT\CLSID\{1DF4B455-8513-400A-93EA-D7EF95B8C144}]
[-HKEY_CLASSES_ROOT\CLSID\{242DA79B-14B4-403F-9374-F09A8AE481A8}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 7:32:32 PM, on 7/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\wanmpsvc.exe
c:\windows\system32\ilcgfyx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [gmvdux] c:\windows\system32\ilcgfyx.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121057390639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

#23
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Go to Start, then My Computer. Click on the Local Disk (C:). Then go to the Windows folder. Then look for a folder called BUNDLES. Right-click on that and select Delete.

Go to Start, then My Computer. Click on the Local Disk (C:). Then go to the Documents and Settings folder, then to the Owner folder, then to the Application Data folder. In here, look for a folder called Lycos. Right-click on that and select Delete.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Please run Killbox.
  • Select "Delete on Reboot".
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    c:\windows\system32\mebtluz.exe
    C:\WINDOWS\System32\apcups53.exe
    C:\WINDOWS\System32\SMBsvs.exe
    C:\WINDOWS\System32\_pnd_71Kc0.exe
    C:\WINDOWS\Nail.exe
    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\system32\rrpwsx.dll
    C:\WINDOWS\cfgmgr52.dll
    c:\windows\system32\xsguis.exe
    c:\windows\system32\ubwfxt.exe
    C:\WINDOWS\System32\sysfile.dll
    C:\WINDOWS\System32\saie_*.dat
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\System32\Searchx.htm
    C:\WINDOWS\System32\stlb2.xml
    C:\WINDOWS\System32\lmf32v.dll
    C:\WINDOWS\system32\ayjjquu.exe
    C:\WINDOWS\system32\fmvafs.exe
    C:\WINDOWS\system32\khdjwov.exe
    C:\WINDOWS\system32\ktokil.exe
    C:\WINDOWS\system32\lbkbyp.exe
    C:\WINDOWS\system32\lmf32v.dll
    C:\WINDOWS\system32\mebtluz.exe
    C:\WINDOWS\system32\nsldwqm.exe
    C:\WINDOWS\system32\okduyw.exe
    C:\WINDOWS\system32\phjvqsf.exe
    C:\WINDOWS\system32\qiljst.exe
    C:\WINDOWS\system32\qszbetu.exe
    C:\WINDOWS\system32\rhcepm.exe
    C:\WINDOWS\system32\saie_gdf.dat
    C:\WINDOWS\system32\sexqogu.exe
    C:\WINDOWS\system32\SMBsvs.exe
    C:\WINDOWS\system32\stlb2.xml
    C:\WINDOWS\system32\sysfile.dll
    C:\WINDOWS\system32\tlgwljv.exe
    C:\WINDOWS\system32\ubwfxt.exe
    C:\WINDOWS\system32\uvxypb.exe
    C:\WINDOWS\system32\vqvpk.dat
    C:\WINDOWS\system32\winupdt.008
    C:\WINDOWS\system32\xfxzgar.exe
    C:\WINDOWS\system32\xsguis.exe
    C:\WINDOWS\system32\yseotf.exe
    C:\WINDOWS\system32\zevljc.exe
    C:\WINDOWS\system32\_pnd_7swDR.dll
    C:\WINDOWS\system32\_pnd_B2G3g.exe
    C:\WINDOWS\system32\_pnd_cZzu4.dll
    C:\WINDOWS\system32\_pnd_ISp78.exe
    C:\WINDOWS\system32\__delete_on_reboot__ef.dll


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
  • Let the system reboot.
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log". Please double-click that log, copy the entire contents, and paste them here along with a fresh HijackThis log.

Edited by Excal, 11 July 2005 - 07:19 PM.


#24
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Also, can you open up your Microsoft AntiSpyware? Go to Tools, spywarescan, manage spyware quarantine. Delete all the quarantine files in there.

Run Cleanup! again.

Thanks,


Excal

Edited by Excal, 11 July 2005 - 07:08 PM.


#25
stantie06

    Member

  • Topic Starter
  • Member
  • 26 posts
In step 2 of running Killbox, where is this 'text file' that I need to open?



#26
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I edited step #2. Will that work?


Thanks,


Excal

#27
stantie06

    Member

  • Topic Starter
  • Member
  • 26 posts
Started Scanning
Internet Cookies
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'edge.ru4.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'partypoker.touchclarity.com' in 'Internet Explorer Cache'
Found 'partypoker.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'a.websponsors.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'hits.clickandtrack.net' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\TypeLib'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\HELPDIR'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\TypeLib'
Found '' in 'SOFTWARE\Classes\Remove'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Found 'alchem.inf' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'alchem.ini' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'libexpat.dll' in 'C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate1'
Found '' in 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK'
Found 'kmd10B.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd10C.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd10D.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd10E.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd10F.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd110.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd111.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd112.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd115.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd117.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd118.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd119.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd11A.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd11B.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd11C.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd11D.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd448.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd449.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44A.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44B.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44C.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44D.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44E.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd44F.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd454.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd455.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd456.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd457.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd458.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd459.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd45A.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'kmd45B.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'msbbau.dat' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'temp.fr8F97' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found '~DFAD13.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found '~DFBCB0.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found '~DFBE6F.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found '~DFC990.tmp' in 'C:\Documents and Settings\Owner\Local Settings\Temp'
Found 'QFle06052005154825496093.asw' in 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup'
Found '' in 'C:\Program Files\Lycos'
Found 'A83E0671-AE26-4FA2-94A1-E5965A' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE'
Found 'AD841373-A60E-4500-973E-068457' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE'
Found '' in 'C:\Program Files\WinMX'
Found 'Dc2.html' in 'C:\RECYCLER\S-1-5-21-568730901-2907011200-4168273537-1003'
Found 'EECH1.bsx' in 'C:\WINDOWS\cfgmgr52'
Found 'SPZ3.bsx' in 'C:\WINDOWS\cfgmgr52'
Found 'kqomde.xml' in 'C:\WINDOWS\system32'
Found '~DF884D.tmp' in 'C:\WINDOWS\Temp'
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.inf' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.inf' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.inf'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.ini' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.ini' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\alchem.ini'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate1\libexpat.dll' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate1\libexpat.dll' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\AutoUpdate1\libexpat.dll'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK\msbb.log' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK\msbb.log' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\FLEOK\msbb.log'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10B.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10B.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10B.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10C.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10C.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10C.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10D.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10D.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10D.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10E.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10E.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10E.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10F.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10F.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd10F.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd110.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd110.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd110.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd111.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd111.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd111.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd112.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd112.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd112.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd115.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd115.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd115.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd117.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd117.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd117.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd118.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd118.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd118.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd119.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd119.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd119.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11A.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11A.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11A.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11B.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11B.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11B.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11C.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11C.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11C.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11D.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11D.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd11D.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd448.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd448.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd448.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd449.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd449.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd449.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44A.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44A.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44A.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44B.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44B.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44B.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44C.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44C.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44C.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44D.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44D.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44D.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44E.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44E.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44E.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44F.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44F.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd44F.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd454.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd454.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd454.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd455.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd455.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd455.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd456.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd456.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd456.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd457.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd457.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd457.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd458.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd458.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd458.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd459.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd459.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd459.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45A.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45A.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45A.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45B.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45B.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\kmd45B.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\msbbau.dat' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\msbbau.dat' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\msbbau.dat'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8F97' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8F97' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8F97'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFAD13.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFAD13.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFAD13.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBCB0.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBCB0.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBCB0.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBE6F.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBE6F.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFBE6F.tmp'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFC990.tmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFC990.tmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\~DFC990.tmp'
Checking for 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06052005154825496093.asw' in shortcut areas.
Checking for 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06052005154825496093.asw' in startup areas.
Cleaning 'C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle06052005154825496093.asw'
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\A83E0671-AE26-4FA2-94A1-E5965A' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\A83E0671-AE26-4FA2-94A1-E5965A' in startup areas.
Cleaning 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\A83E0671-AE26-4FA2-94A1-E5965A'
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\AD841373-A60E-4500-973E-068457' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\AD841373-A60E-4500-973E-068457' in startup areas.
Cleaning 'C:\Program Files\Microsoft AntiSpyware\Quarantine\501C4B89-EBFF-40CB-A2C3-A4E2FE\AD841373-A60E-4500-973E-068457'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\RECYCLER\S-1-5-21-568730901-2907011200-4168273537-1003\Dc2.html' in shortcut areas.
Checking for 'C:\RECYCLER\S-1-5-21-568730901-2907011200-4168273537-1003\Dc2.html' in startup areas.
Cleaning 'C:\RECYCLER\S-1-5-21-568730901-2907011200-4168273537-1003\Dc2.html'
Checking for 'C:\WINDOWS\cfgmgr52\EECH1.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\cfgmgr52\EECH1.bsx' in startup areas.
Cleaning 'C:\WINDOWS\cfgmgr52\EECH1.bsx'
Checking for 'C:\WINDOWS\cfgmgr52\SPZ3.bsx' in shortcut areas.
Checking for 'C:\WINDOWS\cfgmgr52\SPZ3.bsx' in startup areas.
Cleaning 'C:\WINDOWS\cfgmgr52\SPZ3.bsx'
Checking for 'C:\WINDOWS\system32\kqomde.xml' in shortcut areas.
Checking for 'C:\WINDOWS\system32\kqomde.xml' in startup areas.
Cleaning 'C:\WINDOWS\system32\kqomde.xml'
Checking for 'C:\WINDOWS\Temp\~DF884D.tmp' in shortcut areas.
Checking for 'C:\WINDOWS\Temp\~DF884D.tmp' in startup areas.
Cleaning 'C:\WINDOWS\Temp\~DF884D.tmp'
Finished Cleaning



HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:27:20 PM, on 7/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [buqelwf] c:\windows\system32\msjolxs.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121057390639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)

#28
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Have you run Cleanup!?


Excal

#29
stantie06


    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Oh yeah, I was wondering if that has to be done in safe mode or not?

#30
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please do that, in either or. Just please do it... lol.

After you've done that, run this online virus scan again: ActiveScan. Save the results from the scan!


Post the results and also a fresh hijackthis log.


Thanks,


Excal