Hijack this


#1
mcmah2b0 (Member, 43 posts)

I have way too many spyware pop-ups on my computer. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 1:33:08 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\explore1.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\System32\edwrwavk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
c:\windows\system32\iwjuagn.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\w?auboot.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysear...nfo/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - C:\WINDOWS\System32\apkmboxb.dll (file missing)
O2 - BHO: (no name) - {B44FCA21-5ECD-0D11-E1DE-56C0BAE75898} - C:\WINDOWS\system32\spmxbt.dll (file missing)
O2 - BHO: (no name) - {CE744515-D3FD-8723-8438-884D82807BCE} - C:\WINDOWS\System32\dgtww.dll
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - C:\WINDOWS\System32\frlrhkwm.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - C:\WINDOWS\System32\xbgsmlcm.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [xwhwhc] C:\WINDOWS\System32\xwhwhc.exe
O4 - HKLM\..\Run: [qE8i36S] gpelgn32.exe
O4 - HKLM\..\Run: [wtpuxc] C:\WINDOWS\System32\wtpuxc.exe
O4 - HKLM\..\Run: [Explore1] C:\WINDOWS\System32\explore1.exe
O4 - HKLM\..\Run: [mxhlgc] C:\WINDOWS\System32\mxhlgc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [edwrwavk] C:\WINDOWS\System32\edwrwavk.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - HKLM\..\Run: [vzprtlp] c:\windows\system32\rdajxru.exe
O4 - HKLM\..\Run: [zpdjmn] c:\windows\system32\wqhdpr.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [msmnia] c:\windows\system32\iwjuagn.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Vhasfidr] C:\WINDOWS\System32\w?auboot.exe
O4 - HKCU\..\Run: [Suou] C:\Documents and Settings\Kelly\Application Data\raeo.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\DGJMPSVY.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
  • 0


#2
don77 (Malware Expert, Retired Staff, 18,526 posts)

Indeed, you do have quite a mess there. This will take some work. I will need you to download some tools and go through each step as posted.
It is probably a good idea to print out these instructions or save them to Notepad so you have access to them.


Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Be sure to check it for updates.
Run CWShredder and be sure to click the "Fix" button. Have it fix anything it finds, then close out the program.



Next,
Download and run Purityscan removal

Next,

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
(Close it out; we will use it later.)

Next,
Please set your system to show all files; please see here if you're unsure how to do this.


Next,
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - C:\WINDOWS\System32\apkmboxb.dll (file missing)
O2 - BHO: (no name) - {B44FCA21-5ECD-0D11-E1DE-56C0BAE75898} - C:\WINDOWS\system32\spmxbt.dll (file missing)
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - C:\WINDOWS\System32\frlrhkwm.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - C:\WINDOWS\System32\xbgsmlcm.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [xwhwhc] C:\WINDOWS\System32\xwhwhc.exe
O4 - HKLM\..\Run: [qE8i36S] gpelgn32.exe
O4 - HKLM\..\Run: [wtpuxc] C:\WINDOWS\System32\wtpuxc.exe
O4 - HKLM\..\Run: [Explore1] C:\WINDOWS\System32\explore1.exe
O4 - HKLM\..\Run: [mxhlgc] C:\WINDOWS\System32\mxhlgc.exe
O4 - HKLM\..\Run: [edwrwavk] C:\WINDOWS\System32\edwrwavk.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [vcmpin] C:\windows\bundles\adl_mteststub.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - HKLM\..\Run: [vzprtlp] c:\windows\system32\rdajxru.exe
O4 - HKLM\..\Run: [zpdjmn] c:\windows\system32\wqhdpr.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [msmnia] c:\windows\system32\iwjuagn.exe r
O4 - HKCU\..\Run: [Vhasfidr] C:\WINDOWS\System32\w?auboot.exe
O4 - HKCU\..\Run: [Suou] C:\Documents and Settings\Kelly\Application Data\raeo.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: winlogin.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\DGJMPSVY.dll (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


Close all open windows except for HijackThis and click Fix Checked.




Next,

Open Killbox
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\winupdtl.exe
C:\WINDOWS\System32\xwhwhc.exe
gpelgn32.exe
C:\WINDOWS\System32\wtpuxc.exe
C:\WINDOWS\System32\explore1.exe
C:\WINDOWS\System32\mxhlgc.exe
C:\WINDOWS\System32\edwrwavk.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\windows\bundles\adl_mteststub.exe
C:\WINDOWS\SysCheckBop32
C:\WINDOWS\wupdt.exe
c:\windows\system32\lgwjau.exe
c:\windows\system32\rdajxru.exe
c:\windows\system32\wqhdpr.exe
C:\WINDOWS\eltupt.exe
c:\windows\system32\iwjuagn.exe r
C:\WINDOWS\System32\w?auboot.exe
C:\Documents and Settings\Kelly\Application Data\raeo.exe
O4 - Global Startup: PowerReg Scheduler.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0
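
Added example (not part of either poster's message): a short Python script that checks a follow-up HijackThis log against the fix list above, reporting which listed entries are still present and which entries are new since the first scan. The three samples are excerpts of the logs in this thread; the function names and the matching rules (CLSID for R3/O2/O3/O9/O16/O18, value name for O4 Run entries) are assumptions of this example, not HijackThis behaviour.

```python
import re

# An item line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
# Header and "Running processes" lines do not match and are skipped.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")
CLSID_SECTIONS = {"R3", "O2", "O3", "O9", "O16", "O18"}


def entry_key(section, body):
    """Identity of an entry that survives cosmetic changes between scans,
    such as "(file missing)" becoming "(no file)" for the same BHO."""
    clsid = CLSID_RE.search(body)
    if section in CLSID_SECTIONS and clsid:
        return (section, clsid.group(0).lower())
    run = RUN_RE.match(body) if section == "O4" else None
    if run:  # registry location + value name, ignoring the command line
        return (section, run.group(1).lower(), run.group(2).lower())
    return (section, body.lower())


def parse_items(log_text):
    """Map entry key -> original line for every item line in a log."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            items[entry_key(m.group(1), m.group(2))] = line
    return items


def triage(before_log, fix_list, after_log):
    """Compare the follow-up log with the first log and the fix list.

    still_present: fix-list entries that appear again in the follow-up log.
    new: follow-up entries that were not in the first log at all.
    Both lists are prompts for review, not verdicts on the files."""
    before, fixes, after = (parse_items(t) for t in (before_log, fix_list, after_log))
    return {
        "still_present": [after[k] for k in fixes if k in after],
        "new": [after[k] for k in after if k not in before],
    }


# Excerpt of the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\explore1.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - C:\WINDOWS\System32\apkmboxb.dll (file missing)
O4 - HKLM\..\Run: [Explore1] C:\WINDOWS\System32\explore1.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - Global Startup: winlogin.exe
"""

# Excerpt of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - C:\WINDOWS\System32\apkmboxb.dll (file missing)
O4 - HKLM\..\Run: [Explore1] C:\WINDOWS\System32\explore1.exe
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - Global Startup: winlogin.exe
"""

# Excerpt of the follow-up log posted in reply.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4011D7A8-131A-169F-3803-4B31B5BAFFCD} - C:\WINDOWS\system32\ydvgtmqj.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - HKLM\..\Run: [yjycwcf] c:\windows\system32\dxvyid.exe r
O4 - Global Startup: winlogin.exe
"""

if __name__ == "__main__":
    result = triage(BEFORE_LOG, FIX_LIST, AFTER_LOG)
    for label, lines in result.items():
        print(f"{label} ({len(lines)}):")
        for line in lines:
            print("  " + line)
```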

#3
mcmah2b0 (Topic Starter, Member, 43 posts)

Hopefully it all worked....

Logfile of HijackThis v1.99.1
Scan saved at 2:35:37 PM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {4011D7A8-131A-169F-3803-4B31B5BAFFCD} - C:\WINDOWS\system32\ydvgtmqj.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
O4 - HKLM\..\Run: [vzprtlp] c:\windows\system32\rdajxru.exe
O4 - HKLM\..\Run: [zpdjmn] c:\windows\system32\wqhdpr.exe
O4 - HKLM\..\Run: [yjycwcf] c:\windows\system32\dxvyid.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

and....


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:08:19 PM, 7/15/2005
+ Report-Checksum: 9CBFE067

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} -> Spyware.Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{53B95210-7D77-11D2-9F81-00104B107C96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{53B95204-7D77-11D2-9F81-00104B107C96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP460\A0046540.exe -> TrojanDownloader.Delmed.b : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP460\A0046558.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP460\A0046559.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP448\A0043554.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP448\A0043555.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP452\A0044489.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP454\A0044497.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP457\A0045457.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP458\A0045470.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP459\A0045486.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP459\A0045493.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP459\A0045495.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP459\A0045496.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{42DEB7C4-5158-4B38-B716-EDBCB50F5F37}\RP459\A0045511.exe -> Trojan.Imiserv
  • 0

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
It cleaned up quite a bit; still more to go, however.
  • Please set your system to show all files; please see here if you're unsure how to do this.



  • Close all programs leaving only HijackThis running. Place a check against each of the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: (no name) - {4011D7A8-131A-169F-3803-4B31B5BAFFCD} - C:\WINDOWS\system32\ydvgtmqj.dll
    O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
    O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
    O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
    O4 - HKLM\..\Run: [teftyoy] c:\windows\system32\lgwjau.exe
    O4 - HKLM\..\Run: [vzprtlp] c:\windows\system32\rdajxru.exe
    O4 - HKLM\..\Run: [zpdjmn] c:\windows\system32\wqhdpr.exe
    O4 - HKLM\..\Run: [yjycwcf] c:\windows\system32\dxvyid.exe r
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe


    Click on Fix Checked when finished and exit HijackThis.



    Using Killbox again, please kill the following:

    c:\windows\system32\lgwjau.exe
    c:\windows\system32\rdajxru.exe
    c:\windows\system32\wqhdpr.exe
    c:\windows\system32\dxvyid.exe 
    C:\Program Files\TV Media\Tvm.exe


    After your computer restarts, reboot back to safe mode and run another scan with Ewido. Again, save the log and post it back here with a fresh HJT log, please.

  • 0

#5
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:11:03 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.msn.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


and

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:46:14 PM, 7/19/2005
+ Report-Checksum: 9FCA0C56

+ Scan result:

No infected objects found.


::Report End

When I tried deleting the files in Killbox, it told me none of them could be found.
  • 0

#6
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
I've tried it a few times and it isn't getting rid of the following:

O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
  • 0

#7
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please disable SpywareGuard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpywareGuard:

Right-click the running icon of SpywareGuard; it will open the program.
Then go to Menu, File, Exit.
Then confirm the program is closed.
  • Close all programs leaving only HijackThis running. Place a check against each of the following:

    O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
    O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
    O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
    O4 - Global Startup: winlogin.exe


    Click on Fix Checked when finished and exit HijackThis.
Reboot your computer.

Post back a fresh HijackThis log and we will take another look.
  • 0

#8
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
I tried deleting the files once with SpywareGuard disabled and it did nothing. At least I think SpywareGuard was disabled... I can't see into the taskbar where the little icons are... I know SpywareGuard is running, but it doesn't have the arrow where the clock is to show the unused hidden icons. So I disabled what I thought was SpywareGuard from the Task Manager; I disabled ewido security suite and GuardIE, but I still get an error when trying to get rid of O4 - Global Startup: winlogin.exe
It says it can't be deleted because it may be running, and to shut it down by the Task Manager. I go into the Task Manager and it's not even there. There is winlogon.exe, but that is a critical system process and can't be stopped. I'm on a different computer, so I'll post the new HJT log soon, but I won't be surprised to find all of them still there.
One more thing... how can I make this desktop start up faster without having to reformat the whole system? Any ideas?
  • 0

#9
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:43:52 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.msn.com/
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Reboot to safe mode, open HJT, put a check mark next to the following, and click "Fix Checked":

O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O4 - Global Startup: winlogin.exe

Reboot and post back a fresh log, please.
  • 0

#11
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:54:56 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.msn.com/
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



I've tried getting rid of those 4 files but they keep appearing... What would make it do that?
  • 0

#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's try a different approach.

Download the WinloginRemove.zip file and save it to your hard drive (you may want to right click and use Save Target As). Extract WinloginRemove.exe from the ZIP and run it. There is no installer or uninstaller. Simply delete the WinloginRemove.exe file to uninstall.
Next

Download and install Registrar Lite version 2.00
  • Double click the purple Registrar Lite icon on your desktop.
  • Copy the line below and paste it into the "Address" field (located at the top) of the program:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

  • Click the "Go" button.
  • On the right-hand side it will load all of your BHOs (you'll just see a bunch of numbers)
  • Locate the following entries:

    {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A}
    {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2}
    {E28523D5-6ED6-09F7-792C-4DDE287E1431}

  • Right-click on each one and select Properties.
  • Click the Permissions button and a new window will open.
  • Click the Advanced button.
  • Place a checkmark next to the following:
    'Inherit from parent the permission entries that apply to child objects...'
  • Click OK, then OK again, and right-click on each of the following:
    {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A}
    {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2}
    {E28523D5-6ED6-09F7-792C-4DDE287E1431}
  • Choose delete.
  • Exit Registrar Lite.
Restart your computer and post a new HijackThis log.
  • 0

#13
mcmah2b0

    Member

  • Topic Starter
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:51:21 PM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.msn.com/
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: winlogin.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalr....4.2.block2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Wouldn't let me get rid of the last one of the three.
  • 0
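
Checking each later scan against the list of entries marked for fixing shows which ones survived, which is the comparison posts #11 and #13 make by eye. The Python code below is an added example, not part of the original thread or of HijackThis; the sample logs are excerpts of lines posted above, and the function and variable names are hypothetical.

```python
import re
from dataclasses import dataclass

# Section codes HijackThis prefixes to each finding (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^\s*([RFN]\d|O\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries the helper asked to check in post #10 (indented as in the post).
FIX_LIST = r"""
    O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
    O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
    O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
    O4 - Global Startup: winlogin.exe
"""

# Excerpts (not the full logs) of the 7/27 and 7/28 scans posted in this thread.
SCAN_0727 = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:54:56 PM, on 7/27/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
O2 - BHO: (no name) - {A5D4EC13-62BB-7AD4-6F10-5094B1D95C3A} - (no file)
O2 - BHO: (no name) - {D97668E1-552E-4F5C-5A3E-4A5E8EB8C0A2} - (no file)
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Global Startup: winlogin.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

SCAN_0728 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:51:21 PM, on 7/28/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
O2 - BHO: (no name) - {E28523D5-6ED6-09F7-792C-4DDE287E1431} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Global Startup: winlogin.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def key(self):
        """Identity used to match the same finding across scans."""
        m = CLSID_RE.search(self.body)
        # BHOs, toolbars and ActiveX downloads are identified by their CLSID.
        if self.section in ("O2", "O3", "O16") and m:
            return (self.section, m.group(0).upper())
        # Everything else: the text itself, case- and whitespace-normalized.
        return (self.section, " ".join(self.body.lower().split()))

    @property
    def orphaned(self):
        """True when HijackThis reported that the referenced file is missing."""
        return self.body.endswith("(no file)")


def parse_log(text):
    """Return the findings in a log, skipping headers and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def persisting(fix_list, later_log):
    """Entries that were checked for fixing but still appear in a later scan."""
    later = {e.key: e for e in parse_log(later_log)}
    return [later[e.key] for e in parse_log(fix_list) if e.key in later]


def summarize(fix_list, scans):
    """Map each scan label to the fix-list entries it still contains."""
    return {label: persisting(fix_list, log) for label, log in scans}


if __name__ == "__main__":
    result = summarize(FIX_LIST, [("7/27", SCAN_0727), ("7/28", SCAN_0728)])
    for label, entries in result.items():
        print(f"Scan {label}: {len(entries)} fix-list entries still present")
        for e in entries:
            note = "file missing, registry entry remains" if e.orphaned else "entry remains"
            print(f"  {e.section} - {e.body}  [{note}]")
```
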

#14
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0





