okay...I think I did everything correctly. The only unexpected thing was it told me
that the file c:/explorer.cab/explorer.exe could not be removed because it was embedded in the archive "c;/explorer.cab" I didn't know if I should remove the entire archive so I said "No". Everything else went great. Here are the logs~
Logfile of HijackThis v1.99.1
Scan saved at 10:20:18 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\vsluaa.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.emachines.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.emachines.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll (file missing)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\system32\WinStat12.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [windll] C:\WINDOWS\System32\wsys.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [jolvrfw] C:\WINDOWS\system32\jolvrfw.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [vgfkda] c:\windows\system32\vsluaa.exe r
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone:
http://www.neededware.comO16 - DPF: NDWCab -
http://www.neededware.com/ndw3.cabO16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
http://www.napster.c...lient/setup.exeO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://www.msnusers....UC/MsnPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1098922084342O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) -
http://fdl.msn.com/p...t/msnchat42.cabO20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:12:40 PM, 7/12/2005
+ Report-Checksum: 6F9391B
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2320958936-414440772-572454927-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2320958936-414440772-572454927-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2320958936-414440772-572454927-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2320958936-414440772-572454927-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\
[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\installer_MARKETING35.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\8vcz.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\antispy.exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\bi137837.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\bi139523.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\bi154430.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\i9a7lA.exe -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\instnotify.exe -> Trojan.VB.kq : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\KAt.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\mw_4s_stub.exe -> Trojan.VB.kq : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\oIJODj.exe -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\oRw9.exe -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\sa17.tmp.exe -> TrojanDownloader.Small.uf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\SEPinst.exe -> Trojan.Septic.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\v1vZOwte.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\whenu.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\1 -> TrojanDownloader.Dyfuca.da : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\10 -> Spyware.HelpExpress : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\11 -> Spyware.HelpExpress : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\2 -> TrojanDownloader.Dyfuca.da : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\3 -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\4 -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\5 -> TrojanDownloader.Dyfuca.cr : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\6 -> TrojanDownloader.Dyfuca.cr : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\7 -> Trojan.SecondThought.ag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\8 -> Spyware.ImiBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\XoftSpyBackup\9 -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\xwxload.exe -> TrojanDownloader.Small.Fo : Cleaned with backup
C:\explorer.cab/explorer.exe -> Trojan.Small.bj : Error during cleaning
C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2E39AFF1-3AB3-449D-8CC1-B92107\0BF940FB-C421-4B21-9493-DF9148 -> Spyware.MetaDirect : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2E39AFF1-3AB3-449D-8CC1-B92107\5ECBF111-5CAC-45EF-ADB6-6D4868 -> Spyware.MetaDirect : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5573F357-F2A6-484B-A4CA-1FD628\1A7107F4-EB69-4C27-AA91-0B1C6E -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\574ED70F-3820-427A-8D5D-487807\34B8C258-03D5-4C9D-85FD-B8F932 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D28C26FB-6603-4362-BC38-0EB72B\C26C05B1-B246-4852-8C53-A9DCE6 -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINDOWS\irfvvubomp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\kubzhc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\multimpp(2).dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8GDRSB7Q\bobby[1].exe -> TrojanDownloader.Small.sg : Cleaned with backup
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\epx30105.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINDOWS\system32\jolvrfw.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINDOWS\system32\jolvrfwaeg05.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\kfrvwe.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\kfrvwendw30104lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\osmlmo.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\sdefh.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\sdefhndw30103lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\Searchx.htm -> Spyware.TwainTech : Cleaned with backup
C:\WINDOWS\system32\WinStat11.dll -> Spyware.Winsta : Cleaned with backup
C:\WINDOWS\system32\WinStat12.dll -> Spyware.Winsta : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\WildApp(2).dll -> Spyware.MetaDirect : Cleaned with backup
C:\WINDOWS\WildApp(3).dll -> Spyware.MetaDirect : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
::Report End