About:blank unchangeable home page [CLOSED]


  • This topic is locked

#1
greenbayva

    New Member
Logfile of HijackThis v1.99.1
Scan saved at 3:15:42 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\addrs.exe
C:\Documents and Settings\End User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fhhfr.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {E7E1386A-12D3-8E93-955B-0A8C7D74C8E0} - C:\WINDOWS\apifh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
O4 - HKLM\..\Run: [mfcen.exe] C:\WINDOWS\system32\mfcen.exe
O4 - HKLM\..\Run: [appmr.exe] C:\WINDOWS\system32\appmr.exe
O4 - HKLM\..\Run: [ntiz32.exe] C:\WINDOWS\system32\ntiz32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [addrs.exe] C:\WINDOWS\system32\addrs.exe
O4 - HKLM\..\RunOnce: [mfcdn.exe] C:\WINDOWS\mfcdn.exe
O4 - HKLM\..\RunOnce: [crnc.exe] C:\WINDOWS\system32\crnc.exe
O4 - HKLM\..\RunOnce: [apiml32.exe] C:\WINDOWS\apiml32.exe
O4 - HKLM\..\RunOnce: [addpd.exe] C:\WINDOWS\addpd.exe
O4 - HKLM\..\RunOnce: [sdkhq32.exe] C:\WINDOWS\sdkhq32.exe
O4 - HKLM\..\RunOnce: [ielz.exe] C:\WINDOWS\ielz.exe
O4 - HKLM\..\RunOnce: [mfcax32.exe] C:\WINDOWS\system32\mfcax32.exe
O4 - HKLM\..\RunOnce: [appey32.exe] C:\WINDOWS\appey32.exe
O4 - HKLM\..\RunOnce: [atlpr.exe] C:\WINDOWS\system32\atlpr.exe
O4 - HKLM\..\RunOnce: [creo32.exe] C:\WINDOWS\system32\creo32.exe
O4 - HKLM\..\RunOnce: [sysuw.exe] C:\WINDOWS\system32\sysuw.exe
O4 - HKLM\..\RunOnce: [atlya32.exe] C:\WINDOWS\system32\atlya32.exe
O4 - HKLM\..\RunOnce: [ntck32.exe] C:\WINDOWS\ntck32.exe
O4 - HKLM\..\RunOnce: [ipke.exe] C:\WINDOWS\ipke.exe
O4 - HKLM\..\RunOnce: [winvr.exe] C:\WINDOWS\system32\winvr.exe
O4 - HKLM\..\RunOnce: [mfcbz32.exe] C:\WINDOWS\system32\mfcbz32.exe
O4 - HKLM\..\RunOnce: [apiap.exe] C:\WINDOWS\apiap.exe
O4 - HKLM\..\RunOnce: [atljp.exe] C:\WINDOWS\system32\atljp.exe
O4 - HKLM\..\RunOnce: [sdkze32.exe] C:\WINDOWS\sdkze32.exe
O4 - HKLM\..\RunOnce: [mspm32.exe] C:\WINDOWS\mspm32.exe
O4 - HKLM\..\RunOnce: [crsq.exe] C:\WINDOWS\system32\crsq.exe
O4 - HKLM\..\RunOnce: [ntls32.exe] C:\WINDOWS\system32\ntls32.exe
O4 - HKLM\..\RunOnce: [apphs.exe] C:\WINDOWS\system32\apphs.exe
O4 - HKLM\..\RunOnce: [apirf32.exe] C:\WINDOWS\system32\apirf32.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [addhv.exe] C:\WINDOWS\addhv.exe
O4 - HKLM\..\RunOnce: [d3gk32.exe] C:\WINDOWS\d3gk32.exe
O4 - HKLM\..\RunOnce: [ipea32.exe] C:\WINDOWS\system32\ipea32.exe
O4 - HKLM\..\RunOnce: [apier.exe] C:\WINDOWS\system32\apier.exe
O4 - HKLM\..\RunOnce: [ntei32.exe] C:\WINDOWS\ntei32.exe
O4 - HKLM\..\RunOnce: [msoi32.exe] C:\WINDOWS\system32\msoi32.exe
O4 - HKLM\..\RunOnce: [ipia.exe] C:\WINDOWS\system32\ipia.exe
O4 - HKLM\..\RunOnce: [ntnw.exe] C:\WINDOWS\system32\ntnw.exe
O4 - HKLM\..\RunOnce: [addbt.exe] C:\WINDOWS\addbt.exe
O4 - HKLM\..\RunOnce: [sdkve.exe] C:\WINDOWS\system32\sdkve.exe
O4 - HKLM\..\RunOnce: [netkt.exe] C:\WINDOWS\system32\netkt.exe
O4 - HKLM\..\RunOnce: [addvm32.exe] C:\WINDOWS\addvm32.exe
O4 - HKLM\..\RunOnce: [atlgx.exe] C:\WINDOWS\atlgx.exe
O4 - HKLM\..\RunOnce: [ipkb.exe] C:\WINDOWS\system32\ipkb.exe
O4 - HKLM\..\RunOnce: [msol.exe] C:\WINDOWS\msol.exe
O4 - HKLM\..\RunOnce: [javavc32.exe] C:\WINDOWS\javavc32.exe
O4 - HKLM\..\RunOnce: [ietk.exe] C:\WINDOWS\system32\ietk.exe
O4 - HKLM\..\RunOnce: [apppo32.exe] C:\WINDOWS\system32\apppo32.exe
O4 - HKLM\..\RunOnce: [ipbx32.exe] C:\WINDOWS\system32\ipbx32.exe
O4 - HKLM\..\RunOnce: [atlsn32.exe] C:\WINDOWS\atlsn32.exe
O4 - HKLM\..\RunOnce: [mfcrv.exe] C:\WINDOWS\mfcrv.exe
O4 - HKLM\..\RunOnce: [atlav.exe] C:\WINDOWS\system32\atlav.exe
O4 - HKLM\..\RunOnce: [ntps32.exe] C:\WINDOWS\ntps32.exe
O4 - HKLM\..\RunOnce: [d3ga32.exe] C:\WINDOWS\d3ga32.exe
O4 - HKLM\..\RunOnce: [javajd.exe] C:\WINDOWS\system32\javajd.exe
O4 - HKLM\..\RunOnce: [mfcit32.exe] C:\WINDOWS\mfcit32.exe
O4 - HKLM\..\RunOnce: [winyj.exe] C:\WINDOWS\system32\winyj.exe
O4 - HKLM\..\RunOnce: [winyl.exe] C:\WINDOWS\system32\winyl.exe
O4 - HKLM\..\RunOnce: [crch.exe] C:\WINDOWS\crch.exe
O4 - HKLM\..\RunOnce: [winmg32.exe] C:\WINDOWS\system32\winmg32.exe
O4 - HKLM\..\RunOnce: [crxy32.exe] C:\WINDOWS\system32\crxy32.exe
O4 - HKLM\..\RunOnce: [addbi.exe] C:\WINDOWS\system32\addbi.exe
O4 - HKLM\..\RunOnce: [craq32.exe] C:\WINDOWS\system32\craq32.exe
O4 - HKLM\..\RunOnce: [appgf.exe] C:\WINDOWS\system32\appgf.exe
O4 - HKLM\..\RunOnce: [iezf32.exe] C:\WINDOWS\iezf32.exe
O4 - HKLM\..\RunOnce: [sysyn.exe] C:\WINDOWS\system32\sysyn.exe
O4 - HKLM\..\RunOnce: [systh32.exe] C:\WINDOWS\system32\systh32.exe
O4 - HKLM\..\RunOnce: [javaxd32.exe] C:\WINDOWS\system32\javaxd32.exe
O4 - HKLM\..\RunOnce: [ntvg.exe] C:\WINDOWS\system32\ntvg.exe
O4 - HKLM\..\RunOnce: [addug32.exe] C:\WINDOWS\system32\addug32.exe
O4 - HKLM\..\RunOnce: [ntbv32.exe] C:\WINDOWS\ntbv32.exe
O4 - HKLM\..\RunOnce: [addjd32.exe] C:\WINDOWS\addjd32.exe
O4 - HKLM\..\RunOnce: [appvc32.exe] C:\WINDOWS\appvc32.exe
O4 - HKLM\..\RunOnce: [addea32.exe] C:\WINDOWS\system32\addea32.exe
O4 - HKLM\..\RunOnce: [ieoa.exe] C:\WINDOWS\ieoa.exe
O4 - HKLM\..\RunOnce: [sysux32.exe] C:\WINDOWS\system32\sysux32.exe
O4 - HKLM\..\RunOnce: [addix32.exe] C:\WINDOWS\system32\addix32.exe
O4 - HKLM\..\RunOnce: [ipyu.exe] C:\WINDOWS\ipyu.exe
O4 - HKLM\..\RunOnce: [nethf32.exe] C:\WINDOWS\nethf32.exe
O4 - HKLM\..\RunOnce: [d3eu32.exe] C:\WINDOWS\system32\d3eu32.exe
O4 - HKLM\..\RunOnce: [atlib.exe] C:\WINDOWS\system32\atlib.exe
O4 - HKLM\..\RunOnce: [javacn.exe] C:\WINDOWS\system32\javacn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Rawe

    Visiting Staff
Hello and welcome. You have loads of stuff there.. Let's get your browser back first though.

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

Please run a free online anti-virus scan: Kaspersky or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:

#3
greenbayva

    New Member
  • Topic Starter
Hey there, thank you SOOOO much for your help, but I still have the about:blank page thing and AVG Free edition is telling me I have a "trojan horse desktop" virus 19.AO, whatever that is... Anyway, I am not a computer person and I will take ANY suggestions you have from here. Thank you again... here is the new hijack log
:tazz:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:12 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\WINDOWS\system32\sdkvm.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\End User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hdnkk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {FEF0E647-5524-FA9E-07CF-AF79EE6770A0} - C:\WINDOWS\system32\apiar32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [appmr.exe] C:\WINDOWS\system32\appmr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [sdkvm.exe] C:\WINDOWS\system32\sdkvm.exe
O4 - HKLM\..\RunOnce: [mfcdn.exe] C:\WINDOWS\mfcdn.exe
O4 - HKLM\..\RunOnce: [mfcit32.exe] C:\WINDOWS\mfcit32.exe
O4 - HKLM\..\RunOnce: [crhd32.exe] C:\WINDOWS\system32\crhd32.exe
O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\crwa32.exe
O4 - HKLM\..\RunOnce: [msvg.exe] C:\WINDOWS\system32\msvg.exe
O4 - HKLM\..\RunOnce: [apiqp32.exe] C:\WINDOWS\apiqp32.exe
O4 - HKLM\..\RunOnce: [sysmp.exe] C:\WINDOWS\sysmp.exe
O4 - HKLM\..\RunOnce: [netoo.exe] C:\WINDOWS\netoo.exe
O4 - HKLM\..\RunOnce: [ipdo32.exe] C:\WINDOWS\system32\ipdo32.exe
O4 - HKLM\..\RunOnce: [sysbk32.exe] C:\WINDOWS\system32\sysbk32.exe
O4 - HKLM\..\RunOnce: [sdkpn32.exe] C:\WINDOWS\sdkpn32.exe
O4 - HKLM\..\RunOnce: [winyt.exe] C:\WINDOWS\winyt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2293A6C-5845-4C89-B1D4-3200E195CF11}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcdn.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4
Rawe

    Visiting Staff
Hi again..
Hmm, looks like you forgot a few logs ;)
Can you please post SpSeHjfix, about:buster & the online scan logs, I really need those.

If you didn't save them.. Please follow the same instructions again.

- Rawe :tazz:

#5
greenbayva

    New Member
  • Topic Starter
(7/27/05 4:34:52 PM) SPSeHjFix started v1.1.2
(7/27/05 4:34:52 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/27/05 4:34:52 PM) Language: english
(7/27/05 4:34:52 PM) Win-Path: C:\WINDOWS
(7/27/05 4:34:52 PM) System-Path: C:\WINDOWS\system32
(7/27/05 4:34:52 PM) Temp-Path: C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\
(7/27/05 4:34:55 PM) Disinfection started
(7/27/05 4:34:55 PM) Bad-Dll(IEP): (not found)
(7/27/05 4:34:55 PM) Bad-Dll(IEP) in BHO: (not found)
(7/27/05 4:34:55 PM) UBF: 5 - UBB: 0 - UBR: 37
(7/27/05 4:34:55 PM) UBF: 5 - UBB: 0 - UBR: 37
(7/27/05 4:34:55 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(7/27/05 4:34:55 PM) Stealth-String not found
(7/27/05 4:34:55 PM) Not infected->END



AboutBuster 5.0 reference file 31
Scan started on [7/27/2005] at [4:25:12 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\KB839645.log:azvzuk
Removed Stream! C:\WINDOWS\KB840374.log:clwpc
Removed Stream! C:\WINDOWS\KB842773.log:dagsrx
Removed Stream! C:\WINDOWS\_default.pif:frgrav
Removed Stream! C:\WINDOWS\_default.pif:idqrga
Removed Stream! C:\WINDOWS\_default.pif:molgn
------------------------------------------------
Removed File! : C:\Windows\fmxks.dat
Removed File! : C:\Windows\iwxcy.dat
Removed File! : C:\Windows\System32\xfxrs.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:25:50 PM



Logfile of HijackThis v1.99.1
Scan saved at 9:48:34 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\d3os32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\End User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ipxyi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C5DD24AA-44CE-3AF3-2B3D-6EB6F2ECB4A6} - C:\WINDOWS\sysrq.dll
O2 - BHO: Class - {E631A3AF-2375-8D4C-66B1-AAB77C548825} - C:\WINDOWS\addwf32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [atlul32.exe] C:\WINDOWS\atlul32.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\d3os32.exe
O4 - HKLM\..\RunOnce: [mfcdn.exe] C:\WINDOWS\mfcdn.exe
O4 - HKLM\..\RunOnce: [crhd32.exe] C:\WINDOWS\system32\crhd32.exe
O4 - HKLM\..\RunOnce: [ipkt.exe] C:\WINDOWS\system32\ipkt.exe
O4 - HKLM\..\RunOnce: [netcs.exe] C:\WINDOWS\system32\netcs.exe
O4 - HKLM\..\RunOnce: [crdx32.exe] C:\WINDOWS\crdx32.exe
O4 - HKLM\..\RunOnce: [msve32.exe] C:\WINDOWS\msve32.exe
O4 - HKLM\..\RunOnce: [winax.exe] C:\WINDOWS\winax.exe
O4 - HKLM\..\RunOnce: [appcm32.exe] C:\WINDOWS\system32\appcm32.exe
O4 - HKLM\..\RunOnce: [javapd32.exe] C:\WINDOWS\system32\javapd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2293A6C-5845-4C89-B1D4-3200E195CF11}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcdn.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Here is the SpSEHjfix112, About Buster, and last Hijack log... Thank you so much for helping me out here. I am pretty much lost without it. Take care and let me know what you think.

#6
Rawe

    Visiting Staff
Ok, we have to see what Ewido can do about it.

Please print these instructions out, or write them down, as you can't read them during the fix.

Download CleanUp!

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

First;

Please download Ewido Security Suite; it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE; During some scans with Ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If Ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found, select none for now as the action.
    • Make sure to fix all entries you KNOW to be bad.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Run CleanUp!, making sure to reboot when prompted.

Boot up into normal mode and run this free online scan:
Trend Micro
Use the "Auto-clean" option and let it fix anything it finds. Copy & paste the results to your next reply.

Run a new scan with HijackThis and post the fresh log here along with the Ewido & Trend Micro logs.

- Rawe :tazz:

#7
greenbayva

Dear god, I think we have killed it! I got my browser back and everything seems to be fine now :tazz:. Ewido might be the best thing ever! Thank you soooo much for your help. I attached a hijack scan just in case I missed anything, but anyway thank you again for everything.

greenbayva



ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:03:41 PM, 7/28/2005
+ Report-Checksum: 97245979

+ Scan result:



::Report End

Logfile of HijackThis v1.99.1
Scan saved at 4:33:02 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\PEOPLE~1\propelac.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ISP50\bin\bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\End User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keucq.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jmu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keucq.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E631A3AF-2375-8D4C-66B1-AAB77C548825} - C:\WINDOWS\addwf32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\propelac.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [atlul32.exe] C:\WINDOWS\atlul32.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\d3os32.exe
O4 - HKLM\..\Run: [javatx32.exe] C:\WINDOWS\javatx32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2293A6C-5845-4C89-B1D4-3200E195CF11}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcdn.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ok.. Looking a lot better. But still we have to do some fixing;

Run HiJackThis and check the following objects for removal;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\keucq.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\keucq.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\keucq.dll/sp.html#55135
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E631A3AF-2375-8D4C-66B1-AAB77C548825} - C:\WINDOWS\addwf32.dll (file missing)
O4 - HKLM\..\Run: [atlul32.exe] C:\WINDOWS\atlul32.exe
O4 - HKLM\..\Run: [d3os32.exe] C:\WINDOWS\d3os32.exe
O4 - HKLM\..\Run: [javatx32.exe] C:\WINDOWS\javatx32.exe


Close any other open windows and/or open browsers, making sure that only HJT is running. Make sure they are checked - hit "Fix Checked".

Boot into Safe Mode.

Run Ewido and let it fix anything (if it finds anything.)

Find the following files and delete if present;

C:\WINDOWS\atlul32.exe
C:\WINDOWS\d3os32.exe
C:\WINDOWS\javatx32.exe


Run CleanUp! and reboot into normal mode. Post a fresh HiJackThis log here for me.

- Rawe

#9
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
And to add:
I want to see this online scan's results:
Panda Activescan

Let it fix anything it can and post the results here along with the fresh HiJackThis log.

- Rawe

#10
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.