Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Tons of Malware programs! [RESOLVED]

Started by codyneslen , Aug 05 2005 12:12 PM

This topic is locked

#1
codyneslen

Posted 05 August 2005 - 12:12 PM

New Member

Member
8 posts

Logfile of HijackThis v1.99.1
Scan saved at 11:07:40 AM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\kpnjlh.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\WINDOWS\system32\idqctr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rtib\hrme.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\CODYNE~1\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\system32\adk07sdr.exe
C:\Program Files\HiJackTHis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...5203&id=1.20030
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...5203&id=1.20030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...5203&id=1.20030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...5203&id=1.20030
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.sho...5203&id=1.20030
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.sho...5203&id=1.20030
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\ttext.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: SDWin32 Class - {70027499-2867-4DBB-8373-9B023AC7A856} - C:\WINDOWS\system32\pjnum.dll (file missing)
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\system32\tepvipno.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsg42.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Rebate Retriever] C:\Program Files\Rebate Retriever\RebateRetriever.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\kpnjlh.exe reg_run
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SystemService] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [o74g3sW] idqctr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\system32\lanbrup.exe
O4 - HKLM\..\Run: [adk07sdr] C:\WINDOWS\system32\adk07sdr.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\CODYNE~1\LOCALS~1\Temp\sysnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mbot] C:\Program Files\rtib\hrme.exe
O4 - HKCU\..\Run: [ZwvmRia5j] iasconns.exe
O4 - HKCU\..\Run: [Qjsce] C:\WINDOWS\system32\r?gedit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Luhr] C:\WINDOWS\system32\n?lookup.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Startup: WASTE.lnk = C:\Program Files\WASTE\WASTE.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pxlstore.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - C:\OrCAD\license_manager\lmgrd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

#2
Rawe

Posted 05 August 2005 - 12:22 PM

Visiting Staff

Member
4,746 posts

Hello and welcome.

Please print these instructions out, or write them down, as you can't read them during the fix. Be sure to ask any questions before proceeding the fix.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download CleanUp!

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Now do this;

Click Start => Run => and type in;

services.msc

Click "OK".

In the services window find service; System Startup Service (SvcProc)

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on "delete an NT service"
Copy and paste this in: SvcProc
Click "ok", then reboot

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Run a scan with HiJackThis and check the following object for removal;

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Close any other open windows and/or open browsers, making sure that only HiJackThis is running. Make sure that the above mentioned objects are all checked, then hit "Fix Checked".

Launch Ad-aware and do a Full System Scan. Remove all it finds.

Now launch Ewido and do a scan of your system.

Click on scanner
Click on Complete System Scan and the scan will begin.
Clean anything it finds.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido

Run CleanUp! but don't reboot yet.

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on "Delete File on Reboot"
Navigate to this file - C:\WINDOWS\svcproc.exe
Double click on that file.
HJT asks you if you want to reboot, now. Click "Yes".

Boot up into normal mode and run the following online scan;

Trend Micro

Let it fix anything it can, and post the results along with a fresh HijackThis log & the Ewido log.

- Rawe :tazz:

#3
codyneslen

Posted 05 August 2005 - 12:39 PM

New Member

Topic Starter
Member
8 posts

Before i install and run ewido, should i turn off symantec or is that ok that i leave it on? and i have run tons and tons of adware SE scans, its finds a bunch of stuff and delets it but it doesnt seem to help. Thanks for your help so far and i will begin the fix.

#4
Rawe

Posted 05 August 2005 - 12:42 PM

Visiting Staff

Member
4,746 posts

You can leave your anti-virus on, but be sure to read Ewido setup instructions carefully from the site. Disable Ewido's background guard when installed. For Ad-aware, can you also make this setting change (Update it and read the Ad-aware setup link too);
Click on Tweak => Cleaning engine => UNcheck "Always try to unload modules before deletion".

I'm quite sure Ad-aware can manage to take care of the items it finds in Safe Mode with the settings on the page + this one here.

Get started then.

- Rawe

#5
codyneslen

Posted 05 August 2005 - 10:59 PM

New Member

Topic Starter
Member
8 posts

Hey, i tried everything you said, except i coudlnt find the file scvproc.exe to "delete on reboot". Other than that i found a ton of stuff with all 3 programs and the online scan and said it got rid of it but i still got a bunch of pop-ups and stuff. I also have programs in my MsConfig that shouldnt be there still too like pokapoka62 and rebate buddy, so the programs are still loaded somewhere. Here are the two logs for ya, any more advice to offer?

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:51:25 PM, 8/5/2005
+ Report-Checksum: E32E7705

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SafeSurfing -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\SafeSurfing\System -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
[220] C:\WINDOWS\system32\pxlstore.dll -> Spyware.Look2Me : Error during cleaning
[660] C:\WINDOWS\system32\cvmaddin.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\!update.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1180734_2356_3836_2992_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\12321292_2356_3836_1084_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1246246_2356_3836_1892_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\13042722_2552_3100_896_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1311710_2552_3100_2272_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\131310_2264_2068_2364_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1376502_1248_3836_1364_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1377850_2356_3836_1684_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1508630_2356_3836_3196_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1642190_2552_3100_5788_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\1967706_2552_3100_2092_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\200944_2552_3100_4724_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\2426184_2552_3100_172_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\2426678_2356_3836_2180_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\2490924_2080_2168_2732_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\2492272_2356_3836_1396_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\3015338_2552_3100_2728_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\3146078_2552_3100_1164_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\3212858_2356_3836_2336_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\329320_2356_3836_1768_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\3868516_2356_3836_244_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\394762_2356_3836_3920_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\394964_2356_3836_2560_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\43319654_1248_3836_2268_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\460642_2356_3836_2488_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\525666_2552_3100_3552_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\6096770_2356_3836_3076_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\6554924_2552_3100_3280_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\723180_2552_3100_1740_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\724808_2552_3100_1996_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\725154_2552_3100_2440_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\787564_2552_3100_4072_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\9241884_2356_3836_2220_62.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\b.com -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody neslen@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody neslen@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody neslen@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Cookies\cody neslen@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\labpengs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\temp.fr41B8 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\temp.fr8FB7 -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Temporary Internet Files\Content.IE5\4F5J22ZL\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Temporary Internet Files\Content.IE5\5BDSM3HS\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Temporary Internet Files\Content.IE5\6O41O3JA\!update-2254[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Temporary Internet Files\Content.IE5\TFZN99SA\!update-2195[1].0000 -> TrojanDownloader.Agent.df : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\Temporary Internet Files\Content.IE5\WXYZGHM7\pokapoka62[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temp\upd206.exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\3M45M5CP\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\3M45M5CP\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\4VJZQKXL\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\4VJZQKXL\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\5OHDNTHJ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\5OHDNTHJ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\5OHDNTHJ\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\5OHDNTHJ\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\7ZDXPH9E\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\CHY7G9UJ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\CL8PEB89\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\CL8PEB89\upd209[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\CVRNYWT9\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\CVRNYWT9\AppWrap[2].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\F6CVND4D\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\GH6JOP2V\aurora[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\GTQR092B\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\HVZFDHS2\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\HVZFDHS2\upd208[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\IG8VXH0H\ActiveX[1].ocx -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\JRTNJP0W\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\JRTNJP0W\AuroraHandler[1].dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\O7PJU6J1\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\O7PJU6J1\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\O7PJU6J1\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Q5FS9SNQ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Q5FS9SNQ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Q5FS9SNQ\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Q5FS9SNQ\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Q5FS9SNQ\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\SZ9R6UN1\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\SZ9R6UN1\upd207[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\SZ9R6UN1\upd207[2].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Y70ZPQFU\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\Y70ZPQFU\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\YAAHD14Q\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Cody Neslen\Local Settings\Temporary Internet Files\Content.IE5\YAAHD14Q\upd206[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1SG2VY58\!update-2134[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\918V5YKX\!update-2144[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RGIQI2UY\!update-2114[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\30su7bm7.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ActiveX.ocx -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\adk07sdr.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\cmmuid.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\cvmaddin.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dFdxof.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dlvacm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dpband.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dzocx.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\idqctr.exe -> Spyware.Apropos : Cleaned with backup
C:\WINDOWS\system32\igseng.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iwfosoft.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j1a47sh4.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\kfdsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\mdvbvm60.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfvcrt20.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mxiavi32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nqwrszht.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\pbd.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pjnumf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\pqflbmsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\PvpOops.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rWstls.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ssoolss.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\tccfgwmi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINDOWS\system32\wdnmm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\wqiprop.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\WsanApp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\WINDOWS\Temp\Cookies\cody [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\cody [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\cody neslen@goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\WINDOWS\Temp\Cookies\cody neslen@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\cody neslen@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Del6D.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\Temp\Del7E.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\Temp\Del91.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\DelAD.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\res6E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res7F.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CH43ONOV\!update-2274[1].0000 -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ET0J6XEH\!update-2244[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\T04FKC5P\!update-2164[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\TXH54YT9\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\WINDOWS\Temp\upd207.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd208.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd209.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:58:43 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\kpnjlh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackTHis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.sho...5203&id=1.20030
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.sho...5203&id=1.20030
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\kpnjlh.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mbot] C:\Program Files\rtib\hrme.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\pxlstore.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - C:\OrCAD\license_manager\lmgrd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6
Rawe

Posted 06 August 2005 - 05:49 AM

Visiting Staff

Member
4,746 posts

Looks a loads better there

Can you please run the following online scan (let it fix anything it can);
Panda Activescan

Post the results for me.

- Rawe :tazz:

#7
codyneslen

Posted 06 August 2005 - 03:20 PM

New Member

Topic Starter
Member
8 posts

Here is the results, although since i dont own the "plus" version or whatever it is it didnt clean them. Just so u know, im getting a ton of "Winfixer" (along with others too, but i saw an earlier post about winfixer so i thought maybe it was a big one)

Incident Status Location

Adware:Adware/eZula No disinfected C:\Documents and Settings\Cody Neslen\Start Menu\Programs\TopText iLookup\My Keywords.lnk
Adware:Adware/eZula No disinfected C:\Documents and Settings\Cody Neslen\Start Menu\Programs\TopText iLookup\My Preferences.lnk
Adware:Adware/eZula No disinfected C:\Documents and Settings\Cody Neslen\Start Menu\Programs\TopText iLookup\TopText Button Show - Hide.lnk
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\casclient.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\casmf.dll
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\Uninstall.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\CMAPP\Client\cmappmf.dll
Adware:Adware/eZula No disinfected C:\Program Files\eZula\CHCON.dll
Adware:Adware/eZula No disinfected C:\Program Files\eZula\seng.dll
Spyware:Spyware/ShopNav No disinfected C:\Program Files\eZula\ttupt.exe

Edited by codyneslen, 06 August 2005 - 03:21 PM.

#8
Rawe

Posted 06 August 2005 - 03:28 PM

Visiting Staff

Member
4,746 posts

Ok, let's continue then.

Please print these instructions out, or write them down, as you can't read them during the fix. Be sure to ask any questions before proceeding the fix.

Get CleanUp! ready to be used, I presume you haven't uninstalled it yet. If you have done that, please redownload it.

Next, please reboot your computer in Safe Mode by doing the following;

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Using Windows Explorer, locate the following files/folders and delete if present;

C:\Documents and Settings\Cody Neslen\Start Menu\Programs\TopText iLookup\ <= Entire Folder
C:\Program Files\Aprps\ <= Entire Folder
C:\Program Files\Cas\Client\ <= Entire Folder
C:\Program Files\CMAPP\Client\cmappmf.dll
C:\Program Files\eZula\ <= Entire Folder

Run CleanUp! and reboot. Boot up into normal mode;

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
Double-click the file to install it as follows:
- Click "Next", read the agreement, Click "Next"
- Choose "Custom" click "Next".
- Leave the default installation directoy as it is, then click "Next".
- UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
- On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
- Finally, click "Install"
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Disable SpySweeper Shields
- Click Shields on the left.
- Click Internet Explorer and uncheck all items.
- Click Windows System and uncheck all items.
- Click Startup Programs and uncheck all items.
Once the definitions are installed and shields disabled, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Post the SpySweeper session log here along with a fresh HiJackThis log.

- Rawe :tazz:

#9
ukbiker

Posted 07 August 2005 - 12:29 AM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi There codyneslen

I will be taking over from Rawe on this log. Let me have a read through the history and get familiar with it and then I will post again. :tazz:

UKBiker

#10
codyneslen

Posted 07 August 2005 - 01:55 PM

New Member

Topic Starter
Member
8 posts

Hi UKBiker, thanks for offering your help (and thanks Rawe for everything so far). Im still having a lot of probs, i did what rawe said and i still get winfixer opening all the time. Here are the two logs he said to post next. Also, for some reason, when i restarted my computer into normal mode, the "style" or whatever is is called changed from the XP Blue rounded style back to the old square grey style of the older windows, just so you. I know how to change it back so its not a problem, but i didnt know if it made a difference.

********
10:52 AM: |··· Start of Session, Sunday, August 07, 2005 ···|
10:52 AM: Spy Sweeper started
10:52 AM: Sweep initiated using definitions version 511
10:52 AM: Starting Memory Sweep
10:52 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
10:52 AM: Found Adware: icannnews
10:52 AM: Detected running threat: C:\WINDOWS\system32\newrszht.dll (ID = 51)
10:52 AM: Warning: Failed to check file "C:\WINDOWS\system32\pxlstore.dll". Cannot open file "C:\WINDOWS\system32\pxlstore.dll". The process cannot access the file because it is being used by another process
10:52 AM: Detected running threat: C:\WINDOWS\system32\pxlstore.dll (ID = 51)
10:54 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
10:56 AM: Memory Sweep Complete, Elapsed Time: 00:03:59
10:56 AM: Starting Registry Sweep
10:56 AM: Found Adware: addestroyer
10:56 AM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
10:56 AM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
10:56 AM: Found Adware: apropos
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\aprps\ (7 subtraces) (ID = 103740)
10:56 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
10:56 AM: Found Adware: begin2search
10:56 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
10:56 AM: Found Adware: hotsearchbar toolbar
10:56 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:56 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:56 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
10:56 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:56 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:56 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
10:56 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:56 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:56 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
10:56 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:56 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:56 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
10:56 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
10:56 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:56 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:56 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:56 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:56 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:56 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:56 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
10:56 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
10:56 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
10:56 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
10:56 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
10:56 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
10:56 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
10:56 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:56 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:56 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
10:56 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:56 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:56 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
10:56 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:56 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:56 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
10:56 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:56 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:56 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
10:56 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
10:56 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:56 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:56 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:56 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:56 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:56 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:56 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
10:56 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
10:56 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
10:56 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
10:56 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
10:56 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
10:56 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:56 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:56 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:56 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:56 AM: Found Adware: bookedspace
10:56 AM: HKLM\software\configuration manager\cfgmgr52\ (368 subtraces) (ID = 104873)
10:56 AM: Found Adware: browseraid
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
10:56 AM: Found Adware: cas
10:56 AM: HKCR\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105365)
10:56 AM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
10:56 AM: HKLM\software\classes\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105368)
10:56 AM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
10:56 AM: Found Adware: clearsearch
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
10:56 AM: Found Adware: cws-aboutblank
10:56 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
10:56 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
10:56 AM: Found Adware: delfin
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\mvu\ (5 subtraces) (ID = 124884)
10:56 AM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
10:56 AM: Found Adware: ieplugin
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\intexp\ (10 subtraces) (ID = 128173)
10:56 AM: Found Adware: drsnsrch.com hijack
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
10:56 AM: Found Adware: redzip toolbar
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
10:56 AM: Found Adware: screensavers
10:56 AM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
10:56 AM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
10:56 AM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
10:56 AM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
10:56 AM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
10:56 AM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
10:56 AM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
10:56 AM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
10:56 AM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
10:56 AM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
10:56 AM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
10:56 AM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
10:56 AM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
10:56 AM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
10:56 AM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
10:56 AM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
10:56 AM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
10:56 AM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
10:56 AM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
10:56 AM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
10:56 AM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
10:56 AM: Found Adware: searchtoolbar
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
10:56 AM: Found Adware: visfx
10:56 AM: HKLM\software\microsoft\windows\currentversion\uninstall\visfx\ (2 subtraces) (ID = 145734)
10:56 AM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
10:56 AM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
10:56 AM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
10:56 AM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
10:56 AM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
10:56 AM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
10:56 AM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
10:56 AM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
10:56 AM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
10:56 AM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
10:56 AM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
10:56 AM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cas\client\ (1 subtraces) (ID = 359309)
10:56 AM: Found Adware: personal money tree
10:56 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
10:56 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
10:56 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
10:56 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
10:56 AM: Found Adware: shopnavupdater
10:56 AM: HKCR\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359486)
10:56 AM: HKCR\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359487)
10:56 AM: HKCR\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359488)
10:56 AM: HKCR\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359489)
10:56 AM: HKCR\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359490)
10:56 AM: HKCR\snb.band\ (5 subtraces) (ID = 359491)
10:56 AM: HKCR\sntb.bottomframe\ (5 subtraces) (ID = 359492)
10:56 AM: HKCR\sntb.leftframe\ (5 subtraces) (ID = 359493)
10:56 AM: HKCR\sntb.popupbrowser\ (5 subtraces) (ID = 359494)
10:56 AM: HKCR\sntb.popupwindow\ (5 subtraces) (ID = 359495)
10:56 AM: HKLM\software\classes\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359496)
10:56 AM: HKLM\software\classes\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359497)
10:56 AM: HKLM\software\classes\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359498)
10:56 AM: HKLM\software\classes\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359499)
10:56 AM: HKLM\software\classes\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359500)
10:56 AM: HKLM\software\classes\snb.band\ (5 subtraces) (ID = 359501)
10:56 AM: HKLM\software\classes\sntb.bottomframe\ (5 subtraces) (ID = 359502)
10:56 AM: HKLM\software\classes\sntb.leftframe\ (5 subtraces) (ID = 359503)
10:56 AM: HKLM\software\classes\sntb.popupbrowser.1\ (3 subtraces) (ID = 359504)
10:56 AM: HKLM\software\classes\sntb.popupbrowser\ (5 subtraces) (ID = 359505)
10:56 AM: HKLM\software\classes\sntb.popupwindow.1\ (3 subtraces) (ID = 359506)
10:56 AM: HKLM\software\classes\sntb.popupwindow\ (5 subtraces) (ID = 359507)
10:56 AM: HKLM\software\classes\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359508)
10:56 AM: HKCR\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359513)
10:56 AM: Found Adware: abetterinternet
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
10:56 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359588)
10:56 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
10:56 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
10:56 AM: HKLM\software\classes\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359735)
10:56 AM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
10:56 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 360170)
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cmapp\ (5 subtraces) (ID = 381792)
10:56 AM: Found Trojan Horse: sysnet
10:56 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sysnet\ (2 subtraces) (ID = 381857)
10:56 AM: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
10:56 AM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
10:56 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 498504)
10:56 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 498516)
10:56 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 499294)
10:56 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 499295)
10:56 AM: Found Adware: rich editor
10:56 AM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
10:56 AM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
10:56 AM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
10:56 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
10:56 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
10:56 AM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
10:56 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
10:56 AM: Registry Sweep Complete, Elapsed Time:00:00:15
10:56 AM: Starting Cookie Sweep
10:56 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:56 AM: Starting File Sweep
10:56 AM: c:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
10:56 AM: Found Adware: virtualbouncer
10:56 AM: c:\documents and settings\all users\application data\vbouncer (ID = -2147480097)
10:56 AM: Found Trojan Horse: trojan-downloader-bookedspace
10:56 AM: c:\windows\cfgmgr52 (105 subtraces) (ID = -2147479590)
10:56 AM: c:\windows\system32\vidctrl (ID = -2147481117)
10:56 AM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
10:56 AM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
10:56 AM: c:\program files\asys (2 subtraces) (ID = -2147477847)
10:56 AM: Found Adware: shopathomeselect
10:56 AM: c:\windows\system32\sahimages (6 subtraces) (ID = -2147480329)
10:56 AM: c:\program files\aprps (12 subtraces) (ID = -2147481420)
10:56 AM: lanbruns.exe (ID = 122360)
10:57 AM: Found Adware: comet cursor
10:57 AM: cc_43.pnf (ID = 53470)
11:05 AM: Warning: Failed to read file "c:\windows\system32\newrszht.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:05 AM: bwedsvc.exe (ID = 110132)
11:07 AM: vfx8.0-1.exe (ID = 110122)
11:07 AM: tqrmsrv.dll (ID = 120432)
11:09 AM: stb.exe (ID = 123417)
11:09 AM: rsipxmib.dll (ID = 125214)
11:09 AM: Warning: Failed to read file "c:\documents and settings\cody neslen\local settings\temp\perflib_perfdata_5bc.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:09 AM: Warning: Failed to read file "c:\windows\system32\pxlstore.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:09 AM: wmv1920.dbd (ID = 57692)
11:09 AM: wmv2007.dbd (ID = 57693)
11:09 AM: stlb2.xml (ID = 51947)
11:09 AM: csbjmon.dll (ID = 120432)
11:09 AM: Found Adware: purityscan
11:09 AM: shex.exe (ID = 94438)
11:09 AM: Found Adware: upspiral toolbar
11:09 AM: unist2.exe (ID = 82040)
11:09 AM: Found Adware: quicklink search toolbar
11:09 AM: uninst.exe (ID = 73428)
11:09 AM: cbtsrv.dll (ID = 120432)
11:09 AM: Found Adware: 180search assistant/zango
11:09 AM: cxtpls.dll (ID = 120160)
11:09 AM: Found Trojan Horse: trojan downloader pops-stop
11:09 AM: installerv4.exe (ID = 122359)
11:10 AM: wingenerics.dll (ID = 50187)
11:10 AM: tepvipno.dll (ID = 125444)
11:10 AM: mkgmbi.dll (ID = 119159)
11:10 AM: ttext.dll (ID = 75991)
11:10 AM: wirelanb.dll (ID = 125490)
11:10 AM: cxtpls.exe (ID = 120161)
11:10 AM: Found Trojan Horse: trojan-downloader-pacisoft
11:10 AM: xboxab.ico (ID = 113921)
11:10 AM: sony psp1.ico (ID = 125992)
11:10 AM: virushunter4.ico (ID = 113920)
11:10 AM: ringtone2.ico (ID = 125993)
11:10 AM: cqcmcuqs.dat (ID = 121494)
11:10 AM: kill all spyware.ico (ID = 125994)
11:10 AM: sinstaller.inf (ID = 74756)
11:10 AM: wmv0204.ddx (ID = 57686)
11:10 AM: wmv0504.ddx (ID = 57686)
11:10 AM: wmv0904.ddx (ID = 57691)
11:10 AM: wmv0412.ddx (ID = 57686)
11:10 AM: wmv0106.ddx (ID = 57679)
11:10 AM: wmv1204.ddx (ID = 57686)
11:10 AM: wmv1125.ddx (ID = 57685)
11:10 AM: wmv1909.ddx (ID = 57691)
11:10 AM: wmv0315.ddx (ID = 57686)
11:10 AM: Found Adware: adlogix
11:10 AM: pjnumb.xml (ID = 49280)
11:10 AM: File Sweep Complete, Elapsed Time: 00:14:22
11:10 AM: Full Sweep has completed. Elapsed time 00:18:44
11:10 AM: Traces Found: 1941
12:47 PM: Removal process initiated
12:48 PM: Quarantining All Traces: icannnews
12:48 PM: Warning: Could not create quarantine file for: C:\WINDOWS\system32\newrszht.dll File locked exclusively. Restoration will not be possible.
12:48 PM: Warning: Could not create quarantine file for: C:\WINDOWS\system32\pxlstore.dll File locked exclusively. Restoration will not be possible.
12:49 PM: icannnews is in use. It will be removed on reboot.
12:49 PM: C:\WINDOWS\system32\newrszht.dll is in use. It will be removed on reboot.
12:49 PM: C:\WINDOWS\system32\pxlstore.dll is in use. It will be removed on reboot.
12:49 PM: Quarantining All Traces: addestroyer
12:49 PM: Quarantining All Traces: apropos
12:49 PM: Quarantining All Traces: begin2search
12:49 PM: Quarantining All Traces: hotsearchbar toolbar
12:49 PM: Quarantining All Traces: bookedspace
12:49 PM: Quarantining All Traces: browseraid
12:49 PM: Quarantining All Traces: cas
12:49 PM: Quarantining All Traces: clearsearch
12:49 PM: Quarantining All Traces: cws-aboutblank
12:49 PM: Quarantining All Traces: delfin
12:49 PM: Quarantining All Traces: ieplugin
12:49 PM: Quarantining All Traces: drsnsrch.com hijack
12:49 PM: Quarantining All Traces: redzip toolbar
12:49 PM: Quarantining All Traces: screensavers
12:49 PM: Quarantining All Traces: searchtoolbar
12:49 PM: Quarantining All Traces: visfx
12:49 PM: Quarantining All Traces: personal money tree
12:49 PM: Quarantining All Traces: shopnavupdater
12:49 PM: Quarantining All Traces: abetterinternet
12:49 PM: Quarantining All Traces: sysnet
12:49 PM: Quarantining All Traces: rich editor
12:49 PM: Quarantining All Traces: virtualbouncer
12:49 PM: Quarantining All Traces: trojan-downloader-bookedspace
12:49 PM: Quarantining All Traces: shopathomeselect
12:49 PM: Quarantining All Traces: comet cursor
12:49 PM: Quarantining All Traces: purityscan
12:49 PM: Quarantining All Traces: upspiral toolbar
12:49 PM: Quarantining All Traces: quicklink search toolbar
12:49 PM: Quarantining All Traces: 180search assistant/zango
12:49 PM: Quarantining All Traces: trojan downloader pops-stop
12:49 PM: Quarantining All Traces: trojan-downloader-pacisoft
12:49 PM: Quarantining All Traces: adlogix
12:50 PM: Removal process completed. Elapsed time 00:02:17

Logfile of HijackThis v1.99.1
Scan saved at 12:54:01 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HiJackTHis\HijackThis.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\newrszht.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - C:\OrCAD\license_manager\lmgrd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#11
ukbiker

Posted 07 August 2005 - 05:13 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there

please carry out the following instructions

Pleaseclean out your temporary files and flush your restore points:

Start | Run | type cleanmgr | OK
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Click "OK" to remove them.
Click "Yes" to confirm the deletion.

Flush System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update Spysweeper and then Reboot into Safe mode. Please run Spysweeper. When it is done, Reboot into normal mode, rescan with HJT and post the spysweeper and HJT logs for me here.

Thanks

UKBiker

#12
codyneslen

Posted 08 August 2005 - 12:37 AM

New Member

Topic Starter
Member
8 posts

Hey UKBiker, i did what you said. When i went into the session log on spysweeper, it shows all the logs that it has done but i dont really see the one i just completed. Ill post the entire thing at the bottom of this below the HJT log, but i dont know if you really need any of it. I havnt gotten a pop-up yet since i logged on to here to post this message so thats awesome! I may be clean or almost cleaned! Thanks so much thus far. Oh, and by the way, my computer has randomly shut down twice (once shut down, once restarted) out of nowhere. I dont know if that has to do with stuff ive been doing or whatever, but it hasnt ever done that before. Im not worried about it, but just incase you needed to know. Anyway, here are the logs...

Logfile of HijackThis v1.99.1
Scan saved at 11:32:44 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackTHis\HijackThis.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - C:\OrCAD\license_manager\lmgrd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

And now the extremely long log of spy sweeper (all logs put in one, sorry)

********
10:52 AM: |··· Start of Session, Sunday, August 07, 2005 ···|
10:52 AM: Spy Sweeper started
10:52 AM: Sweep initiated using definitions version 511
10:52 AM: Starting Memory Sweep
10:52 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
10:52 AM: Found Adware: icannnews
10:52 AM: Detected running threat: C:\WINDOWS\system32\newrszht.dll (ID = 51)
10:52 AM: Warning: Failed to check file "C:\WINDOWS\system32\pxlstore.dll". Cannot open file "C:\WINDOWS\system32\pxlstore.dll". The process cannot access the file because it is being used by another process
10:52 AM: Detected running threat: C:\WINDOWS\system32\pxlstore.dll (ID = 51)
10:54 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
10:56 AM: Memory Sweep Complete, Elapsed Time: 00:03:59
10:56 AM: Starting Registry Sweep
10:56 AM: Found Adware: addestroyer
10:56 AM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
10:56 AM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
10:56 AM: Found Adware: apropos
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\aprps\ (7 subtraces) (ID = 103740)
10:56 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
10:56 AM: Found Adware: begin2search
10:56 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
10:56 AM: Found Adware: hotsearchbar toolbar
10:56 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:56 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:56 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
10:56 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:56 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
10:56 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
10:56 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:56 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
10:56 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
10:56 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:56 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
10:56 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
10:56 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
10:56 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:56 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
10:56 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:56 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
10:56 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:56 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
10:56 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
10:56 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
10:56 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
10:56 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
10:56 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
10:56 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
10:56 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
10:56 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:56 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
10:56 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
10:56 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:56 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
10:56 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
10:56 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:56 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
10:56 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
10:56 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:56 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
10:56 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
10:56 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
10:56 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:56 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
10:56 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:56 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
10:56 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:56 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
10:56 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
10:56 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
10:56 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
10:56 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
10:56 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
10:56 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
10:56 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:56 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
10:56 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:56 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
10:56 AM: Found Adware: bookedspace
10:56 AM: HKLM\software\configuration manager\cfgmgr52\ (368 subtraces) (ID = 104873)
10:56 AM: Found Adware: browseraid
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
10:56 AM: Found Adware: cas
10:56 AM: HKCR\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105365)
10:56 AM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
10:56 AM: HKLM\software\classes\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105368)
10:56 AM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
10:56 AM: Found Adware: clearsearch
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
10:56 AM: Found Adware: cws-aboutblank
10:56 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
10:56 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
10:56 AM: Found Adware: delfin
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\mvu\ (5 subtraces) (ID = 124884)
10:56 AM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
10:56 AM: Found Adware: ieplugin
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\intexp\ (10 subtraces) (ID = 128173)
10:56 AM: Found Adware: drsnsrch.com hijack
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
10:56 AM: Found Adware: redzip toolbar
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
10:56 AM: Found Adware: screensavers
10:56 AM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
10:56 AM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
10:56 AM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
10:56 AM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
10:56 AM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
10:56 AM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
10:56 AM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
10:56 AM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
10:56 AM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
10:56 AM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
10:56 AM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
10:56 AM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
10:56 AM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
10:56 AM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
10:56 AM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
10:56 AM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
10:56 AM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
10:56 AM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
10:56 AM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
10:56 AM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
10:56 AM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
10:56 AM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
10:56 AM: Found Adware: searchtoolbar
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
10:56 AM: Found Adware: visfx
10:56 AM: HKLM\software\microsoft\windows\currentversion\uninstall\visfx\ (2 subtraces) (ID = 145734)
10:56 AM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
10:56 AM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
10:56 AM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
10:56 AM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
10:56 AM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
10:56 AM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
10:56 AM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
10:56 AM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
10:56 AM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
10:56 AM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
10:56 AM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
10:56 AM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cas\client\ (1 subtraces) (ID = 359309)
10:56 AM: Found Adware: personal money tree
10:56 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
10:56 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
10:56 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
10:56 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
10:56 AM: Found Adware: shopnavupdater
10:56 AM: HKCR\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359486)
10:56 AM: HKCR\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359487)
10:56 AM: HKCR\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359488)
10:56 AM: HKCR\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359489)
10:56 AM: HKCR\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359490)
10:56 AM: HKCR\snb.band\ (5 subtraces) (ID = 359491)
10:56 AM: HKCR\sntb.bottomframe\ (5 subtraces) (ID = 359492)
10:56 AM: HKCR\sntb.leftframe\ (5 subtraces) (ID = 359493)
10:56 AM: HKCR\sntb.popupbrowser\ (5 subtraces) (ID = 359494)
10:56 AM: HKCR\sntb.popupwindow\ (5 subtraces) (ID = 359495)
10:56 AM: HKLM\software\classes\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359496)
10:56 AM: HKLM\software\classes\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359497)
10:56 AM: HKLM\software\classes\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359498)
10:56 AM: HKLM\software\classes\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359499)
10:56 AM: HKLM\software\classes\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359500)
10:56 AM: HKLM\software\classes\snb.band\ (5 subtraces) (ID = 359501)
10:56 AM: HKLM\software\classes\sntb.bottomframe\ (5 subtraces) (ID = 359502)
10:56 AM: HKLM\software\classes\sntb.leftframe\ (5 subtraces) (ID = 359503)
10:56 AM: HKLM\software\classes\sntb.popupbrowser.1\ (3 subtraces) (ID = 359504)
10:56 AM: HKLM\software\classes\sntb.popupbrowser\ (5 subtraces) (ID = 359505)
10:56 AM: HKLM\software\classes\sntb.popupwindow.1\ (3 subtraces) (ID = 359506)
10:56 AM: HKLM\software\classes\sntb.popupwindow\ (5 subtraces) (ID = 359507)
10:56 AM: HKLM\software\classes\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359508)
10:56 AM: HKCR\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359513)
10:56 AM: Found Adware: abetterinternet
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
10:56 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359588)
10:56 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
10:56 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
10:56 AM: HKLM\software\classes\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359735)
10:56 AM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
10:56 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
10:56 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 360170)
10:56 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cmapp\ (5 subtraces) (ID = 381792)
10:56 AM: Found Trojan Horse: sysnet
10:56 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sysnet\ (2 subtraces) (ID = 381857)
10:56 AM: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
10:56 AM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
10:56 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 498504)
10:56 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 498516)
10:56 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 499294)
10:56 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 499295)
10:56 AM: Found Adware: rich editor
10:56 AM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
10:56 AM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
10:56 AM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
10:56 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
10:56 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
10:56 AM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
10:56 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
10:56 AM: Registry Sweep Complete, Elapsed Time:00:00:15
10:56 AM: Starting Cookie Sweep
10:56 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:56 AM: Starting File Sweep
10:56 AM: c:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
10:56 AM: Found Adware: virtualbouncer
10:56 AM: c:\documents and settings\all users\application data\vbouncer (ID = -2147480097)
10:56 AM: Found Trojan Horse: trojan-downloader-bookedspace
10:56 AM: c:\windows\cfgmgr52 (105 subtraces) (ID = -2147479590)
10:56 AM: c:\windows\system32\vidctrl (ID = -2147481117)
10:56 AM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
10:56 AM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
10:56 AM: c:\program files\asys (2 subtraces) (ID = -2147477847)
10:56 AM: Found Adware: shopathomeselect
10:56 AM: c:\windows\system32\sahimages (6 subtraces) (ID = -2147480329)
10:56 AM: c:\program files\aprps (12 subtraces) (ID = -2147481420)
10:56 AM: lanbruns.exe (ID = 122360)
10:57 AM: Found Adware: comet cursor
10:57 AM: cc_43.pnf (ID = 53470)
11:05 AM: Warning: Failed to read file "c:\windows\system32\newrszht.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:05 AM: bwedsvc.exe (ID = 110132)
11:07 AM: vfx8.0-1.exe (ID = 110122)
11:07 AM: tqrmsrv.dll (ID = 120432)
11:09 AM: stb.exe (ID = 123417)
11:09 AM: rsipxmib.dll (ID = 125214)
11:09 AM: Warning: Failed to read file "c:\documents and settings\cody neslen\local settings\temp\perflib_perfdata_5bc.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:09 AM: Warning: Failed to read file "c:\windows\system32\pxlstore.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:09 AM: wmv1920.dbd (ID = 57692)
11:09 AM: wmv2007.dbd (ID = 57693)
11:09 AM: stlb2.xml (ID = 51947)
11:09 AM: csbjmon.dll (ID = 120432)
11:09 AM: Found Adware: purityscan
11:09 AM: shex.exe (ID = 94438)
11:09 AM: Found Adware: upspiral toolbar
11:09 AM: unist2.exe (ID = 82040)
11:09 AM: Found Adware: quicklink search toolbar
11:09 AM: uninst.exe (ID = 73428)
11:09 AM: cbtsrv.dll (ID = 120432)
11:09 AM: Found Adware: 180search assistant/zango
11:09 AM: cxtpls.dll (ID = 120160)
11:09 AM: Found Trojan Horse: trojan downloader pops-stop
11:09 AM: installerv4.exe (ID = 122359)
11:10 AM: wingenerics.dll (ID = 50187)
11:10 AM: tepvipno.dll (ID = 125444)
11:10 AM: mkgmbi.dll (ID = 119159)
11:10 AM: ttext.dll (ID = 75991)
11:10 AM: wirelanb.dll (ID = 125490)
11:10 AM: cxtpls.exe (ID = 120161)
11:10 AM: Found Trojan Horse: trojan-downloader-pacisoft
11:10 AM: xboxab.ico (ID = 113921)
11:10 AM: sony psp1.ico (ID = 125992)
11:10 AM: virushunter4.ico (ID = 113920)
11:10 AM: ringtone2.ico (ID = 125993)
11:10 AM: cqcmcuqs.dat (ID = 121494)
11:10 AM: kill all spyware.ico (ID = 125994)
11:10 AM: sinstaller.inf (ID = 74756)
11:10 AM: wmv0204.ddx (ID = 57686)
11:10 AM: wmv0504.ddx (ID = 57686)
11:10 AM: wmv0904.ddx (ID = 57691)
11:10 AM: wmv0412.ddx (ID = 57686)
11:10 AM: wmv0106.ddx (ID = 57679)
11:10 AM: wmv1204.ddx (ID = 57686)
11:10 AM: wmv1125.ddx (ID = 57685)
11:10 AM: wmv1909.ddx (ID = 57691)
11:10 AM: wmv0315.ddx (ID = 57686)
11:10 AM: Found Adware: adlogix
11:10 AM: pjnumb.xml (ID = 49280)
11:10 AM: File Sweep Complete, Elapsed Time: 00:14:22
11:10 AM: Full Sweep has completed. Elapsed time 00:18:44
11:10 AM: Traces Found: 1941
12:47 PM: Removal process initiated
12:48 PM: Quarantining All Traces: icannnews
12:48 PM: Warning: Could not create quarantine file for: C:\WINDOWS\system32\newrszht.dll File locked exclusively. Restoration will not be possible.
12:48 PM: Warning: Could not create quarantine file for: C:\WINDOWS\system32\pxlstore.dll File locked exclusively. Restoration will not be possible.
12:49 PM: icannnews is in use. It will be removed on reboot.
12:49 PM: C:\WINDOWS\system32\newrszht.dll is in use. It will be removed on reboot.
12:49 PM: C:\WINDOWS\system32\pxlstore.dll is in use. It will be removed on reboot.
12:49 PM: Quarantining All Traces: addestroyer
12:49 PM: Quarantining All Traces: apropos
12:49 PM: Quarantining All Traces: begin2search
12:49 PM: Quarantining All Traces: hotsearchbar toolbar
12:49 PM: Quarantining All Traces: bookedspace
12:49 PM: Quarantining All Traces: browseraid
12:49 PM: Quarantining All Traces: cas
12:49 PM: Quarantining All Traces: clearsearch
12:49 PM: Quarantining All Traces: cws-aboutblank
12:49 PM: Quarantining All Traces: delfin
12:49 PM: Quarantining All Traces: ieplugin
12:49 PM: Quarantining All Traces: drsnsrch.com hijack
12:49 PM: Quarantining All Traces: redzip toolbar
12:49 PM: Quarantining All Traces: screensavers
12:49 PM: Quarantining All Traces: searchtoolbar
12:49 PM: Quarantining All Traces: visfx
12:49 PM: Quarantining All Traces: personal money tree
12:49 PM: Quarantining All Traces: shopnavupdater
12:49 PM: Quarantining All Traces: abetterinternet
12:49 PM: Quarantining All Traces: sysnet
12:49 PM: Quarantining All Traces: rich editor
12:49 PM: Quarantining All Traces: virtualbouncer
12:49 PM: Quarantining All Traces: trojan-downloader-bookedspace
12:49 PM: Quarantining All Traces: shopathomeselect
12:49 PM: Quarantining All Traces: comet cursor
12:49 PM: Quarantining All Traces: purityscan
12:49 PM: Quarantining All Traces: upspiral toolbar
12:49 PM: Quarantining All Traces: quicklink search toolbar
12:49 PM: Quarantining All Traces: 180search assistant/zango
12:49 PM: Quarantining All Traces: trojan downloader pops-stop
12:49 PM: Quarantining All Traces: trojan-downloader-pacisoft
12:49 PM: Quarantining All Traces: adlogix
12:50 PM: Removal process completed. Elapsed time 00:02:17
********
2:14 AM: |··· Start of Session, Sunday, August 07, 2005 ···|
2:14 AM: Spy Sweeper started
2:14 AM: Sweep initiated using definitions version 511
2:14 AM: Starting Memory Sweep
2:15 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
2:15 AM: Found Adware: icannnews
2:15 AM: Detected running threat: C:\WINDOWS\system32\newrszht.dll (ID = 51)
2:15 AM: Warning: Failed to check file "C:\WINDOWS\system32\pxlstore.dll". Cannot open file "C:\WINDOWS\system32\pxlstore.dll". The process cannot access the file because it is being used by another process
2:15 AM: Detected running threat: C:\WINDOWS\system32\pxlstore.dll (ID = 51)
2:17 AM: Warning: Failed to check file "C:\WINDOWS\system32\newrszht.dll". Cannot open file "C:\WINDOWS\system32\newrszht.dll". The process cannot access the file because it is being used by another process
2:18 AM: Memory Sweep Complete, Elapsed Time: 00:03:28
2:18 AM: Starting Registry Sweep
2:18 AM: Found Adware: addestroyer
2:18 AM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
2:18 AM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
2:18 AM: Found Adware: apropos
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\aprps\ (7 subtraces) (ID = 103740)
2:18 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
2:18 AM: Found Adware: begin2search
2:18 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
2:18 AM: Found Adware: hotsearchbar toolbar
2:18 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
2:18 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
2:18 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
2:18 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
2:18 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
2:18 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
2:18 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
2:18 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
2:18 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
2:18 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
2:18 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
2:18 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
2:18 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
2:18 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
2:18 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
2:18 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
2:18 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
2:18 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
2:18 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
2:18 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
2:18 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
2:18 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
2:18 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
2:18 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
2:18 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
2:18 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
2:18 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
2:18 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
2:18 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
2:18 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
2:18 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
2:18 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
2:18 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
2:18 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
2:18 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
2:18 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
2:18 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
2:18 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
2:18 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
2:18 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
2:18 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
2:18 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
2:18 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
2:18 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
2:18 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
2:18 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
2:18 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
2:18 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
2:18 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
2:18 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
2:18 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
2:18 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
2:18 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
2:18 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
2:18 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
2:18 AM: Found Adware: bookedspace
2:18 AM: HKLM\software\configuration manager\cfgmgr52\ (368 subtraces) (ID = 104873)
2:18 AM: Found Adware: browseraid
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
2:18 AM: Found Adware: cas
2:18 AM: HKCR\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105365)
2:18 AM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
2:18 AM: HKLM\software\classes\clsid\{8293d547-38dd-4325-b35a-f1817edfa5fc}\ (11 subtraces) (ID = 105368)
2:18 AM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
2:18 AM: Found Adware: clearsearch
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
2:18 AM: Found Adware: cws-aboutblank
2:18 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
2:18 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
2:18 AM: Found Adware: delfin
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\mvu\ (5 subtraces) (ID = 124884)
2:18 AM: HKLM\software\vidctrl\ (3 subtraces) (ID = 124897)
2:18 AM: Found Adware: ieplugin
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\intexp\ (10 subtraces) (ID = 128173)
2:18 AM: Found Adware: drsnsrch.com hijack
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
2:18 AM: Found Adware: redzip toolbar
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
2:18 AM: Found Adware: screensavers
2:18 AM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
2:18 AM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
2:18 AM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
2:18 AM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
2:18 AM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
2:18 AM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
2:18 AM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
2:18 AM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
2:18 AM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
2:18 AM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
2:18 AM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
2:18 AM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
2:18 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
2:18 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
2:18 AM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
2:18 AM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
2:18 AM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
2:18 AM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
2:18 AM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
2:18 AM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
2:18 AM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
2:18 AM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
2:18 AM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
2:18 AM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
2:18 AM: Found Adware: searchtoolbar
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
2:18 AM: Found Adware: visfx
2:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\visfx\ (2 subtraces) (ID = 145734)
2:18 AM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
2:18 AM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
2:18 AM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
2:18 AM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
2:18 AM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
2:18 AM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
2:18 AM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
2:18 AM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
2:18 AM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
2:18 AM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
2:18 AM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
2:18 AM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cas\client\ (1 subtraces) (ID = 359309)
2:18 AM: Found Adware: personal money tree
2:18 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
2:18 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
2:18 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
2:18 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
2:18 AM: Found Adware: shopnavupdater
2:18 AM: HKCR\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359486)
2:18 AM: HKCR\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359487)
2:18 AM: HKCR\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359488)
2:18 AM: HKCR\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359489)
2:18 AM: HKCR\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359490)
2:18 AM: HKCR\snb.band\ (5 subtraces) (ID = 359491)
2:18 AM: HKCR\sntb.bottomframe\ (5 subtraces) (ID = 359492)
2:18 AM: HKCR\sntb.leftframe\ (5 subtraces) (ID = 359493)
2:18 AM: HKCR\sntb.popupbrowser\ (5 subtraces) (ID = 359494)
2:18 AM: HKCR\sntb.popupwindow\ (5 subtraces) (ID = 359495)
2:18 AM: HKLM\software\classes\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359496)
2:18 AM: HKLM\software\classes\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359497)
2:18 AM: HKLM\software\classes\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359498)
2:18 AM: HKLM\software\classes\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359499)
2:18 AM: HKLM\software\classes\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359500)
2:18 AM: HKLM\software\classes\snb.band\ (5 subtraces) (ID = 359501)
2:18 AM: HKLM\software\classes\sntb.bottomframe\ (5 subtraces) (ID = 359502)
2:18 AM: HKLM\software\classes\sntb.leftframe\ (5 subtraces) (ID = 359503)
2:18 AM: HKLM\software\classes\sntb.popupbrowser.1\ (3 subtraces) (ID = 359504)
2:18 AM: HKLM\software\classes\sntb.popupbrowser\ (5 subtraces) (ID = 359505)
2:18 AM: HKLM\software\classes\sntb.popupwindow.1\ (3 subtraces) (ID = 359506)
2:18 AM: HKLM\software\classes\sntb.popupwindow\ (5 subtraces) (ID = 359507)
2:18 AM: HKLM\software\classes\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359508)
2:18 AM: HKCR\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359513)
2:18 AM: Found Adware: abetterinternet
2:18 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
2:18 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
2:18 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359588)
2:18 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
2:18 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
2:18 AM: HKLM\software\classes\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 359735)
2:18 AM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
2:18 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
2:18 AM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (11 subtraces) (ID = 360170)
2:18 AM: HKU\S-1-5-21-1844237615-630328440-725345543-1003\software\cmapp\ (5 subtraces) (ID = 381792)
2:18 AM: Found Trojan Horse: sysnet
2:18 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sysnet\ (2 subtraces) (ID = 381857)
2:18 AM: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
2:18 AM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
2:18 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 498504)
2:18 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 498516)
2:18 AM: HKCR\main.mimefilter\ (5 subtraces) (ID = 499294)
2:18 AM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 499295)
2:18 AM: Found Adware: rich editor
2:18 AM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
2:18 AM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
2:18 AM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
2:18 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
2:18 AM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
2:18 AM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
2:18 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
2:18 AM: Registry Sweep Complete, Elapsed Time:00:00:13
2:18 AM: Starting Cookie Sweep
2:18 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:18 AM: Starting File Sweep
2:18 AM: c:\windows\system32\vidctrl (ID = -2147481117)
2:18 AM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
2:18 AM: c:\documents and settings\all users\application data\nsv (17 subtraces) (ID = -2147481136)
2:18 AM: c:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
2:18 AM: Found Adware: virtualbouncer
2:18 AM: c:\documents and settings\all users\application data\vbouncer (ID = -2147480097)
2:18 AM: Found Trojan Horse: trojan-downloader-bookedspace
2:18 AM: c:\windows\cfgmgr52 (105 subtraces) (ID = -2147479590)
2:18 AM: c:\program files\aprps (12 subtraces) (ID = -2147481420)
2:18 AM: Found Adware: shopathomeselect
2:18 AM: c:\windows\system32\sahimages (6 subtraces) (ID = -2147480329)
2:18 AM: c:\program files\asys (2 subtraces) (ID = -2147477847)
2:19 AM: lanbruns.exe (ID = 122360)
2:19 AM: Found Adware: comet cursor
2:19 AM: cc_43.pnf (ID = 53470)
2:19 AM: Warning: Failed to read file "c:\documents and settings\cody neslen\local settings\temp\perflib_perfdata_5bc.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:31 AM: Warning: Failed to read file "c:\windows\system32\newrszht.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:31 AM: bwedsvc.exe (ID = 110132)
2:35 AM: vfx8.0-1.exe (ID = 110122)
2:35 AM: tqrmsrv.dll (ID = 120432)
2:38 AM: stb.exe (ID = 123417)
2:38 AM: rsipxmib.dll (ID = 125214)
2:38 AM: wmv1920.dbd (ID = 57692)
2:38 AM: Warning: Failed to read file "c:\windows\system32\pxlstore.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:38 AM: wmv2007.dbd (ID = 57693)
2:38 AM: stlb2.xml (ID = 51947)
2:38 AM: csbjmon.dll (ID = 120432)
2:38 AM: Found Adware: purityscan
2:38 AM: shex.exe (ID = 94438)
2:38 AM: Found Adware: upspiral toolbar
2:38 AM: unist2.exe (ID = 82040)
2:38 AM: Found Adware: quicklink search toolbar
2:38 AM: uninst.exe (ID = 73428)
2:38 AM: cbtsrv.dll (ID = 120432)
2:38 AM: Found Adware: 180search assistant/zango
2:38 AM: cxtpls.dll (ID = 120160)
2:38 AM: Found Trojan Horse: trojan downloader pops-stop
2:38 AM: installerv4.exe (ID = 122359)
2:39 AM: wingenerics.dll (ID = 50187)
2:39 AM: tepvipno.dll (ID = 125444)
2:39 AM: mkgmbi.dll (ID = 119159)
2:39 AM: ttext.dll (ID = 75991)
2:39 AM: wirelanb.dll (ID = 125490)
2:39 AM: cxtpls.exe (ID = 120161)
2:39 AM: Found Trojan Horse: trojan-downloader-pacisoft
2:39 AM: xboxab.ico (ID = 113921)
2:39 AM: sony psp1.ico (ID = 125992)
2:39 AM: virushunter4.ico (ID = 113920)
2:39 AM: ringtone2.ico (ID = 125993)
2:39 AM: cqcmcuqs.dat (ID = 121494)
2:39 AM: kill all spyware.ico (ID = 125994)
2:39 AM: sinstaller.inf (ID = 74756)
2:39 AM: wmv0204.ddx (ID = 57686)
2:39 AM: wmv0504.ddx (ID = 57686)
2:39 AM: wmv0904.ddx (ID = 57691)
2:39 AM: wmv0412.ddx (ID = 57686)
2:39 AM: wmv0106.ddx (ID = 57679)
2:39 AM: wmv1204.ddx (ID = 57686)
2:39 AM: wmv1125.ddx (ID = 57685)
2:39 AM: wmv1909.ddx (ID = 57691)
2:39 AM: wmv0315.ddx (ID = 57686)
2:39 AM: Found Adware: adlogix
2:39 AM: pjnumb.xml (ID = 49280)
2:39 AM: File Sweep Complete, Elapsed Time: 00:21:04
2:39 AM: Full Sweep has completed. Elapsed time 00:24:53
2:39 AM: Traces Found: 1941
10:52 AM: |··· End of Session, Sunday, August 07, 2005 ···|
********
2:13 AM: |··· Start of Session, Sunday, August 07, 2005 ···|
2:13 AM: Spy Sweeper started
2:13 AM: Processing Hosts File Alerts
2:13 AM: Fixed Hosts File entry: HP000D9D21DF18
2:14 AM: |··· End of Session, Sunday, August 07, 2005 ···|

#13
Rawe

Posted 12 August 2005 - 01:04 PM

Visiting Staff

Member
4,746 posts

Hi again, I'm sorry about the late reply.
First, when I started to help you, I wasn't here for couple of days so Ukbiker helped me and started to help you.. But he hasn't been in for a while.
Can you post me a fresh HiJackThis log?
Let me know how's the system running.

Again, sorry for the late reply.

- Rawe :tazz:

#14
codyneslen

Posted 14 August 2005 - 01:54 AM

New Member

Topic Starter
Member
8 posts

Hey, no problem for the delay, you have helped so much as it is that i am just grateful for any reply! The computer is working great, i dont get ANY pop-ups anymore and everything seems to be working in good condition (even a little faster now too!). The only thing is that, like i mentioned earlier, the computer went back to the "classic windows" look with the grey start bar and square look. I went went into the desktop properties to change it back but the only available choice is classic, it wont let me change it back to XP style. Its not much of a problem, im getting used to the old look anyway, i was just wondering if you knew of any reasons for is and if i can find a way to change it back somehow. If not then thats fine too. Anyway, here is the new HJT log, it should be clean because the comp is working great.

Logfile of HijackThis v1.99.1
Scan saved at 12:50:53 AM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackTHis\HijackThis.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - GLOBEtrotter Software Inc. - C:\OrCAD\license_manager\lmgrd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#15
Rawe

Posted 14 August 2005 - 06:17 AM

Visiting Staff

Member
4,746 posts

Nice, your log is clean.

Download the Luna.zip at
http://www.geekstogo...pe=post&id=2916

Unzip it (right click the luna.zip and select extract all) and MOVE the luna.msstyles which is present in that folder you unzipped to, to this folder: C:\WINDOWS\Resources\Themes\Luna

Don't move it to anywhere else other than that folder!

Now reboot.

Can you now change your XP style back?

- Rawe :tazz: