trd ww problem - My log file - Version 2.0 :)



#1
Corvis777

Very odd...please help :tazz:

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 12:10:53 AM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\allfolder\apps\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Perstray.lnk = ?
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by kool808, 17 September 2005 - 11:20 PM.



#2
kool808

    Visiting Staff

Welcome to Geeks to Go! Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved?

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

kool808 :tazz:

#3
Corvis777

Hello kool808,

Thanks VERY much for getting back to my topic, I quite appreciate it. I will post the new log in a new Topic as I believe that's what I am supposed to do.

http://www.geekstogo...showtopic=56435

Cheers very very much in advance...

-ian

Edited by Corvis777, 18 August 2005 - 11:08 PM.


#4
Corvis777

Thanks in advance!

This is a continuation from the other topic, my new log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:26 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\alg.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\allfolder\apps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Perstray.lnk = ?
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#5
kool808

Hello ian, I merged the new topic you posted to the old one since that will make a double post.

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:

Open it and click Options over to the left, then Program Options, then uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
(Note: We will re-ENABLE them later after your system is all clean and malware free.)

+++++++++++++++++++++++++++++++++++++

If you're having trouble connecting to the Internet try running the WinSockFix utility to repair your connection:

Download this from another computer then transfer it to your PC then run WinSockXPFix.

Please download LSPFix HERE, we will use it later if your internet connection still does not function.

+++++++++++++++++++++++++++++++++++++
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Please read the instructions for About:Buster then download it to a safe location where you can easily remember it.
Please Download the stand-alone version of CoolWebShredder
Download SpSeHjfix HERE
Download Cleanup.

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

Make sure to double check the items you have selected, then click Fix Checked.

Reboot in SAFE MODE. (How to boot in Safe Mode...)

Uninstallation
We need to uninstall the following programs:
  • Go to Control Panel > Add/Remove Programs
  • Please locate, if they exist:
    • Wild Tangent
    • ViewPoint / Manager
  • Click Uninstall
  • Confirm with OK

Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
In the event you get an error message then do the following:
Start > Run then paste this in the dialog box

regsvr32 C:\Windows\System32\COMCTL32.OCX

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\Program Files\Viewpoint\ <-- whole folder
  • C:\Program Files\WildTangent\ <-- whole folder
Finally, Empty Recycle Bin


Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky Online Scan or, if that doesn't work, you can have an on-line scan at these sites:
Trend Micro or Panda Scan or BitDefender.
(Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck!
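An added example, not part of kool808's post and not HijackThis's own code: a small Python parser for the log format posted in this thread. It groups entries by section code and marks for manual review the kinds of lines visible in the log above (IE search settings pointing at a local file under a Temp directory, a BHO with no file on disk, a missing LSP provider, a service whose file is missing). The review rules and function names are assumptions made for illustration; a flagged line is a prompt to look closer, not a removal instruction.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:07:26 PM, on 8/18/2005
Running processes:
C:\WINNT\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return a list of (section_code, body) tuples, one per entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reason(code, body):
    """Return a short reason if the entry deserves a manual look, else None.

    These rules are illustrative assumptions, not a malware verdict.
    """
    lowered = body.lower()
    if code in ("R0", "R1"):
        # Body looks like "<registry key>,<value name> = <value>".
        _, _, value = body.partition(" = ")
        value = value.strip().lower()
        if value.startswith("file://") and "\\temp\\" in value:
            return "IE search setting points at a local file in a Temp directory"
    if code == "O2" and lowered.endswith("(no file)"):
        return "BHO is registered but its file is not on disk"
    if code == "O10" and "missing" in lowered:
        return "Winsock LSP chain references a missing provider"
    if code == "O23" and lowered.endswith("(file missing)"):
        return "service points at a file that is missing"
    return None


def review(entries):
    """Return (code, reason, body) for every entry that matched a review rule."""
    findings = []
    for code, body in entries:
        reason = review_reason(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


def section_counts(entries):
    """Count entries per section code, e.g. how many O4 autoruns the log lists."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code}: {count} entr{'y' if count == 1 else 'ies'}")
    for code, reason, body in review(parsed):
        print(f"[review] {code}: {reason}\n         {body}")
```
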

#6
Corvis777

Hey kool808,

thanks again, and thanks for the merge of topics; got a bit confused there for a sec lol. :tazz:

I've just downloaded all the suggested programs and plan on closely following the process that you've laid out tomorrow.

I also uninstalled Spysweeper as opposed to disabling it as I plan on reinstalling it later. Hopefully this is ok.

Thanks for the excellent and comprehensive guide; I'll be absolutely sure to post back with the results.

Cheers,

-ian

#7
kool808

good work, that is just fine :tazz:

#8
kool808

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#9
kool808

This topic has been re-opened as per user's request.

#10
Corvis777

YIKES, well I thought I'd done well, then I run the online scan at the end of the process and this is what I get (luckily it looks like most of them have already been quarantined by Norton or are just in deleted email items; I have erased my deleted items now):

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Sunday, September 18, 2005 00:38:20
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update: 18/09/2005
 Kaspersky Anti-Virus database records: 140783
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: standard
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\

Scan Statistics:
	Total number of scanned objects: 142252
	Number of viruses found: 34
	Number of infected objects: 276
	Number of suspicious objects: 30
	Duration of the scan process: 6643 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx/[From <eannschmid@yahoo.com>][Date Mon, 2 May 2005 07:25:58 -0800]/UNNAMED/document.zip/document.txt                                                                                                                                                      .scr	Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx/[From <eannschmid@yahoo.com>][Date Mon, 2 May 2005 07:25:58 -0800]/UNNAMED/document.zip	Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx/[From <eannschmid@yahoo.com>][Date Mon, 2 May 2005 07:25:58 -0800]/UNNAMED	Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx/[From LaSalle Bank Corporation <support_ref_13753155676@lasallebank.com>][Date Sun, 26 Jun 2005 05:45:10 +0100]/UNNAMED/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx/[From LaSalle Bank Corporation <support_ref_13753155676@lasallebank.com>][Date Sun, 26 Jun 2005 05:45:10 +0100]/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Deleted Items.dbx	Infected: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From Smith Barney=20][Date Mon, 15 Nov 2004 13:05:22 -0800]/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sun, 21 Nov 2004 11:02:45 -0800]/UNNAMED/UNNAMED/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sun, 21 Nov 2004 11:02:45 -0800]/UNNAMED/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sun, 21 Nov 2004 11:02:45 -0800]/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Wed, 24 Nov 2004 12:03:15 -0800]/UNNAMED/UNNAMED/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Wed, 24 Nov 2004 12:03:15 -0800]/UNNAMED/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Wed, 24 Nov 2004 12:03:15 -0800]/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Tue, 14 Dec 2004 18:19:05 -0800]/UNNAMED/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Tue, 14 Dec 2004 18:19:05 -0800]/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sat, 18 Dec 2004 11:15:11 -0800]/UNNAMED/UNNAMED/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sat, 18 Dec 2004 11:15:11 -0800]/UNNAMED/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx/[From <nikki@padmabodywork.com>][Date Sat, 18 Dec 2004 11:15:11 -0800]/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4F81C085-2651-4FE1-B186-FE401F94AA32}\Microsoft\Outlook Express\Sent Items.dbx	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Phase002 (3).dbx/[From PayPal Account Review Department <service@paypal.com>][Date 1 Sep 2005 17:13:15 -0000]/html/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Phase002 (3).dbx/[From PayPal Account Review Department <service@paypal.com>][Date 1 Sep 2005 17:13:15 -0000]/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Phase002 (3).dbx/[From PayPal Account Review Department <service@paypal.com>][Date 1 Sep 2005 17:13:15 -0000]/html/UNNAMED	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Phase002 (3).dbx/[From PayPal Account Review Department <service@paypal.com>][Date 1 Sep 2005 17:13:15 -0000]/html	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Phase002 (3).dbx	Suspicious: Trojan-Spy.HTML.Fraud.gen
C:\Program Files\Norton AntiVirus\Quarantine\001B073A	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\002D6B48	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\005814F7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\00A30D9A	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\00AE710C	Infected: Trojan.JS.StartPage.u
C:\Program Files\Norton AntiVirus\Quarantine\00C170FC	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\0278662B	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\03B57979	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\04252FF1	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\0435444B.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\049A6786	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\05377A76	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\07032231	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\07E349F8	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\08154722	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\0895751D	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\09247B5B/[From "Hafpak" <hafpak@hotmail.com>][Date Mon, 28 Feb 2005 06:54:28 +0100]/wsd01.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\09247B5B	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\092545C4	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\0A4A3A3D	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\0B405CFF.js	Infected: Trojan-Downloader.JS.Psyme.d
C:\Program Files\Norton AntiVirus\Quarantine\0B4306FB.php	Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\0B5702E5.class	Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\0C627E5D	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\0C6C73B4.class	Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\0C6C73B4.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0C7347AD.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0CAE0559	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\0DAA1B06	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\0DB03050.class	Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0EA6411E	Infected: Trojan-Downloader.Win32.Small.vs
C:\Program Files\Norton AntiVirus\Quarantine\0F262E6F	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\103C3883	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\10FC5BD7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\11F6219C.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\11F6219C.html	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\134776E6	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\135A0215.js	Infected: Trojan-Downloader.JS.Psyme.d
C:\Program Files\Norton AntiVirus\Quarantine\13AA7BD3	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\14254D0D	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\145F20F5.js	Infected: Trojan-Downloader.JS.Psyme.d
C:\Program Files\Norton AntiVirus\Quarantine\14851791	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\149016BF.class	Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\149016BF.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\149340BC.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\152D5660.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\154D19EF.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\155043EB.class	Infected: Trojan-Downloader.Java.OpenConnection.b
C:\Program Files\Norton AntiVirus\Quarantine\155717E4.js	Infected: Trojan-Downloader.JS.Psyme.d
C:\Program Files\Norton AntiVirus\Quarantine\16005026	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\16BF1D42	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\16CF6264.dat	Infected: Exploit.Win32.MS04-028.gen
C:\Program Files\Norton AntiVirus\Quarantine\181406F2	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\183D2118.class	Infected: Trojan.Java.Shiwow
C:\Program Files\Norton AntiVirus\Quarantine\18627B0C.scr	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\189046DA.scr	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\189356FC	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\189B144C.class	Infected: Trojan-Downloader.Java.OpenConnection.b
C:\Program Files\Norton AntiVirus\Quarantine\189B144C.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\189C6437	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\18F0592B	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\19AD29F9	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\19C40AB5	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\19D223DF	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1AF73577	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1B01336C	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\1B0B3161	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1B53034F.class	Infected: Trojan.Java.ClassLoader.l
C:\Program Files\Norton AntiVirus\Quarantine\1B562D4B.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\1B5C0144.js	Infected: Trojan-Downloader.JS.Psyme.m
C:\Program Files\Norton AntiVirus\Quarantine\1B78057E	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1B780CB6	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\1B9E4EFA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1CC434D4	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\1CCF4F68	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1DF36CE9	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1E9903F7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1F5D39B3.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\1F980231.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\1FE113D3	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\1FFA23FD.class	Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\20C06F0B	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\20F838CE	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\21084D71	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\21E4221F	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\23903096	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\23B941AC	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2464370A	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\24C00BF1	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\25562AFE	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\26FA1E43	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\278A7B36.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\27CB31F7	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\28732453/[From "Hafpak" <hafpak@hotmail.com>][Date Tue, 01 Mar 2005 11:27:40 +0100]/siupd02.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\28732453	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\28846E88	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\28B96DD1.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\28F46347	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\29784B3E	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\29CF134B/Informations.txt                                                                                                                                     .exe	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\29CF134B	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\2A3172BA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2A4F0037.class	Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\2A9E0DFA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2AE464D7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2B1520DD	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\2C501415.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\2D1373CD	Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\2FB821E2/balecolu.scr	Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\2FB821E2	Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\301C7B11	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\30CE6FBC	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\31A2076C	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\31D05339	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\31DA512F	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\32C931C8	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\32F812D5	Infected: Email-Worm.Win32.NetSky.d
C:\Program Files\Norton AntiVirus\Quarantine\340A2660	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\34311E34	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\343B1C2A	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\34F50C95	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\35A441D7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\36D3435E/[From "Hafpak" <hafpak@hotmail.com>][Date Mon, 28 Feb 2005 13:30:20 +0100]/siupd02.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\36D3435E	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\3756763F	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\37AA5FF6	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\37E05014.htm	Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\38042EE2	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\38480B03/Important.txt                                                                                                                                     .exe	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\38480B03	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\388566DD	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\3DF21707	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\3F0C25EB	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\404F2568	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\40655124	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\406F6AFD	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\409C1A2A	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\40A25EE2	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\411A209B	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\41674A8A.htm	Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\41CC5213/zobyhyna.exe	Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\41CC5213	Suspicious: Password-protected-EXE
C:\Program Files\Norton AntiVirus\Quarantine\42B774D9	Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\445110A5	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\44B85A8C	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\45261A22	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\454A0A08	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\46330767	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\463941B0	Infected: Trojan-Dropper.Win32.Small.hx
C:\Program Files\Norton AntiVirus\Quarantine\46987E07	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\483771D6.dll	Infected: Trojan.Win32.StartPage.is
C:\Program Files\Norton AntiVirus\Quarantine\4A6D4FD7	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4BBC6FBA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4CC500F4	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4D076A11	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\4E1E512D	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4E3A014C	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4E3B4B0C	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4E75750B	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4E871064	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\4E8F44EE	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\4ECB23AB	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\4ECE77BE	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\4FB4697A	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\50551D73	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\51C22E1A	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\51F67083/[From abbylaum@aol.com][Date Tue, 10 May 2005 12:33:23 +0200]/UNNAMED/html	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\51F67083/[From abbylaum@aol.com][Date Tue, 10 May 2005 12:33:23 +0200]/UNNAMED	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\51F67083	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\52B70563.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\545247EA/data.rtf                                                                           .scr	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\545247EA	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\548A32FA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\56693F80	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\57774D3E	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\585A15F8	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\59762948	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\5A5C62CE	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\5A89184B	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\5AF5345F.class	Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5B5D674A	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\5BCF1AA1	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\5C794864.scr	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\5CBC141B	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\5D8125ED	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\5DBE6E7F	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\5ECA6F35	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\5F6C2A65	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\61CC6C27.class	Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\620F2647	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\634F4AA5.class	Infected: Trojan.Java.Shiwow
C:\Program Files\Norton AntiVirus\Quarantine\64D25119	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\65527FE6	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\66002CA4	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\66016FB3.class	Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\66D6297C	Infected: Trojan.JS.StartPage.u
C:\Program Files\Norton AntiVirus\Quarantine\676C78D6.class	Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\67E61DF2	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\68074778/details.txt                                                                     .pif	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\68074778	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\68CB5934	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\68D45326	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\6A0A1D26	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6A5C22C5.class	Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6ADA5ECD/Part-2.txt                                                                                                                                     .exe	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\6ADA5ECD	Infected: Email-Worm.Win32.NetSky.aa
C:\Program Files\Norton AntiVirus\Quarantine\6B431650	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\6CE92078	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\6CF56AB7.class	Infected: Trojan.Java.Shiwow
C:\Program Files\Norton AntiVirus\Quarantine\6D4C42D8/[From "Hafpak" <hafpak@hotmail.com>][Date Tue, 01 Mar 2005 18:33:27 +0100]/wsd01.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\6D4C42D8	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\6D7F157F	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\6DBF14B1	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6DD91DDC.scr	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\6ED476E6	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6EF170C6	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6EF844BF	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6EFE18B7	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\6F056CB0	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\6F0B40A9	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6F1214A2	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\70CC54B7	Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\70ED1D3E	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\726C0897	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\72A9641D	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\72F50EF4	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\731421C3	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\73235AC2	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73292EBA	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\736E206F	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73781E64/card.rtf.com	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73781E64	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\737E725D	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73854656	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73887052/topseller.txt.com	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73887052	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\738B1A4F/message.txt.com	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\738B1A4F	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73926E47	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73951844/mails.exe	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73951844	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\739C6C3D/release.doc.pif	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\739C6C3D	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\739F1639	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73A66A32	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73A9142E	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73E05DF1	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73F12FDF	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73F703D8/mydate.txt.scr	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73F703D8	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73FA2DD4/friend.scr	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\73FA2DD4	Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\74042BCA	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\742714E3	Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\743C758D	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\746351FA	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\74AB0912	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\74B50708	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\74C558F6	Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7584621E	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\7596456F	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\75C4628C	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\761B6D4E	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\76E84A23	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\76EF55FD	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\783A4260	Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\790B1594	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\797244A8	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\79AA6EEC.class	Infected: Trojan.Java.Needy.c
C:\Program Files\Norton AntiVirus\Quarantine\7A55041C	Infected: Email-Worm.Win32.Bagle.y
C:\Program Files\Norton AntiVirus\Quarantine\7BC33275	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\7BF91E48/[From charles@dobsonsww.com][Date Mon, 9 May 2005 22:10:26 +0200]/UNNAMED/html	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\7BF91E48/[From charles@dobsonsww.com][Date Mon, 9 May 2005 22:10:26 +0200]/UNNAMED	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\7BF91E48	Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\7D0D0501	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\7D7B51A5	Infected: Email-Worm.Win32.Bagle.ah
C:\Program Files\Norton AntiVirus\Quarantine\7E0B3B86.class	Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\7E1D237A/[From "Hafpak" <hafpak@hotmail.com>][Date Wed, 02 Mar 2005 15:41:15 +0100]/viupd02.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\7E1D237A	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\7EFF475F	Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\7F174C1E/[From "Hafpak" <hafpak@hotmail.com>][Date Wed, 02 Mar 2005 11:40:37 +0100]/Jol03.cpl	Infected: Email-Worm.Win32.Bagle.at
C:\Program Files\Norton AntiVirus\Quarantine\7F174C1E	Infected: Email-Worm.Win32.Bagle.at

Scan process completed.


#11
Corvis777

  • Topic Starter
  • Member
  • 12 posts
Also, here is the AboutBuster log file:

AboutBuster 5.0 reference file 28
Scan started on [9/17/2005] at [5:49:14 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:49:16 PM


AboutBuster 5.0 reference file 28
Scan started on [9/17/2005] at [5:53:28 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:53:30 PM


and the SPSeHjFix log file:

(9/17/05 5:55:02 PM) SPSeHjFix started v1.1.2
(9/17/05 5:55:02 PM) OS: WinXP Service Pack 2 (5.1.2600)
(9/17/05 5:55:02 PM) Language: english
(9/17/05 5:55:02 PM) Win-Path: C:\WINNT
(9/17/05 5:55:02 PM) System-Path: C:\WINNT\system32
(9/17/05 5:55:02 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(9/17/05 5:55:06 PM) Disinfection started
(9/17/05 5:55:06 PM) Bad-Dll(IEP): (not found)
(9/17/05 5:55:06 PM) Bad-Dll(IEP) in BHO: (not found)
(9/17/05 5:55:06 PM) UBF: 7 - UBB: 2 - UBR: 27
(9/17/05 5:55:06 PM) UBF: 7 - UBB: 2 - UBR: 27
(9/17/05 5:55:06 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:  
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:  
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:  
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:  
(9/17/05 5:55:06 PM) Stealth-String not found
(9/17/05 5:55:06 PM) Not infected->END 

and of course the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:30 AM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Documents and Settings\Owner\Desktop\allfolder\apps\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Perstray.lnk = ?
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126239552038
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



thanks again! hopefully at least the CoolWebSearch infection is gone... :tazz:
  • 0

#12
Corvis777

alas, it seems not...computer still displays "Ending program TRdWW" dialog boxes upon restart :tazz:

???
  • 0

#13
kool808

    Visiting Staff

Hi Corvis,

How is the puppy, what family of dog is it? I love to have a pet dog. :tazz:

Please change all confidential information you have, such as passwords, usernames, etc., for any online transactions you are engaged in.


++++++++++++++++++++++++++++++++++++
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
++++++++ STEP ++++++++

INTERNET CONNECTION:

If you lose your internet connection, please follow step A. If your internet connection is good, then skip to step B and follow the remaining procedures.


STEP A:
First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access.

In the event that you lose Internet access, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", DO NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.


STEP B:
Download this from another computer then transfer it to your PC then run WinSockXPFix.

THE FIX
++++++++ STEP ++++++++
1. Download the FxBeagle.exe file from: http://securityresponse.symantec.com/avcenter/FxBeagle.exe
3. Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
4. Close all the running programs before running the tool.
5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. Double-click the FxBeagle.exe file to start the removal tool.
7. Click Start to begin the process, and then allow the tool to run.
8. Restart the computer.
9. Run the removal tool again to ensure that the system is clean.


++++++++ STEP ++++++++
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.
Do NOT run it yet.
  • Please download FixO.exe, then save it to a safe location that you can easily remember (e.g. C:\FixO)
  • Double-click FixO.exe, extract all files it contains to the same folder as FixO.exe
  • Double-click FixO.bat, it will then generate a Log list
  • Please post in your next reply the log list it generated.
Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite 3.5 here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Do NOT run the scan yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
(How to boot in Safe Mode...)
===================================================
We will now fix the remaining problems with HijackThis. Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Make sure to double check the items you have selected, then click Fix Checked.
===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

++++++++ STEP ++++++++
Open Ad-aware and do a full scan. Remove all it finds.

++++++++ STEP ++++++++
Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next, go to Control Panel, then click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

++++++++ STEP ++++++++
Reboot back into NORMAL MODE Windows

Update and Clear Java Cache:

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under General Tab, click the Settings button.

Under Delete Files there are three options in this window to clear the cache - put a check mark on ALL 3.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files


4. Click OK, then click Delete Files
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK again to leave the Java Control Panel.

++++++++ STEP ++++++++
NOW click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!

THINGS TO POST:
1. New Hijackthis log
2. Ewido Report
3. FixO Log
4. SmitRem log
5. FxBeagle log
6. Panda Scan Log




Let me know how it goes. :)
GOOD LUCK!!!
  • 0
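
The before/after comparison a helper makes by eye between two HijackThis scans, as an added example that is not part of the original posts: it parses the entry lines, flags dangling references for review, and diffs the 9/18/2005 scan against the 9/19/2005 scan posted in this thread. The function names and the marker list are assumptions of this example; the sample lines are excerpts from the two logs.

```python
import re
from typing import NamedTuple

# Excerpts from the two HijackThis scans in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:49:30 AM, on 9/18/2005

Running processes:
C:\WINNT\system32\lsass.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Perstray.lnk = ?
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O23 - Service: SmartLinkService (SLService) -   - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:53:15 PM, on 9/19/2005

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Global Startup: Perstray.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# Entry lines look like "O4 - ..." or "F2 - ..."; header and process lines do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str   # section code, e.g. "O23"
    body: str   # rest of the line, whitespace collapsed


def parse_entries(log_text):
    """Return the section entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Forum rendering changes runs of spaces, so collapse them here.
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def triage(entries):
    """Flag entries whose own text says the reference is dangling or unattributed.

    These markers mean "look at this", not "this is malicious".
    """
    findings = []
    for e in entries:
        reasons = []
        if e.code == "O10":
            reasons.append("Winsock LSP chain reported broken")
        if e.body.endswith("(no file)"):
            reasons.append("registered object has no file on disk")
        if e.body.endswith("(file missing)"):
            reasons.append("service binary is missing")
        if "- Unknown owner -" in e.body:
            reasons.append("binary carries no company name")
        if e.body.endswith("= ?"):
            reasons.append("startup shortcut target could not be resolved")
        if reasons:
            findings.append((e, reasons))
    return findings


def entry_key(e):
    """Identity used for diffing. O16 URLs get truncated by the forum, so key them by CLSID."""
    if e.code == "O16":
        m = CLSID_RE.search(e.body)
        if m:
            return (e.code, m.group(0).upper())
    return (e.code, e.body)


def diff_scans(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, added


if __name__ == "__main__":
    for entry, reasons in triage(parse_entries(BEFORE)):
        print(f"REVIEW  {entry.code} - {entry.body}\n        {'; '.join(reasons)}")
    removed, added = diff_scans(BEFORE, AFTER)
    for e in removed:
        print(f"GONE    {e.code} - {e.body}")
    for e in added:
        print(f"NEW     {e.code} - {e.body}")
```

On these excerpts the diff reports the O4 KernelFaultCheck and O10 lines as gone and the ActiveScan and ewido entries as new, while the truncated Kaspersky URL and the changed spacing in the SmartLinkService line do not produce false differences.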

#14
Corvis777

Well we are actually trying to get a Burmese mountain dog but that's a whole 'nother story... :tazz:

Cool, so did all that but ran into 2 problems (and I STILL have the 'TRD WW END PROGRAM' ERROR on shutdown?!):

1) The PandaScan seemed to keep hanging up on "C:\WINNT\Explorer.EXE"; I even kept it running all night and by morning it still hadn't progressed past this point.

2) There was no Java icon in my control panel.

Everything else follows:

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:15 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Documents and Settings\Owner\Desktop\allfolder\apps\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Perstray.lnk = ?
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126239552038
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


EWIDO REPORT:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:  9:38:34 PM, 9/18/2005
+ Report-Checksum:  AD73A356

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-2034719521-827498511-465444086-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2034719521-827498511-465444086-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-pacifictheatres.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP727\A0098647.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP727\A0098662.dll -> Spyware.WildTangent : Cleaned with backup


::Report End


FIXO LOG:

running from ---
C:\Documents and Settings\Owner\Desktop\ProblemSolver_GeekstoGo\FixO

StartPAge.O Removal batch 1.00
 
          by miekiemoes         
 
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
existing bad files:
-----------------------------------------------------


existing important bad keys:
-----------------------------------------------------


Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
----------------------------------------------------- 



SmitRem LOG:

  smitRem log file
    version 2.3

    by noahdfear

The current date is: Sun 09/18/2005
The current time is: 17:24:09.73

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)


FX BEAGLE LOG:

ArchiveData(auto-quarantine- 2005-09-19 00-02-23.bckp)
Referencefile : SE1R66 14.09.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent\4Z2QM235.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Owner\recent\Ab LogFile.txt.lnk
obj[2]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c1
obj[3]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c2
obj[4]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c3
obj[5]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c4
obj[6]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles\c5
obj[7]=MRU FileReference : C:\Documents and Settings\Owner\recent\FixO.lnk
obj[8]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\adobe\photoshop\7.0\visiteddirs
obj[9]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\macromedia\dreamweaver 6\recent file list
obj[10]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\macromedia\flash 7\recent file list
obj[11]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\direct3d\mostrecentapplication name
obj[12]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[13]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\direct3d\mostrecentapplication name
obj[14]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[15]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[16]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\directinput\mostrecentapplication name
obj[17]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\directinput\mostrecentapplication id
obj[18]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\internet explorer download directory
obj[19]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\internet explorer\typedurls
obj[20]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[21]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\mediaplayer\player\recentfilelist
obj[22]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\mediaplayer\preferences cdrecordpath
obj[23]=MRU RegReference : S-1-5-21-2034719521-827498511-465444086-1003\software\microsoft\mediaplayer\preferences lastplaylistindex

COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[39]=RegValue : S-1-5-18\software\microsoft\internet explorer\main "HOMEOldSP"
obj[48]=Regkey : software\microsoft\downloadmanager
obj[49]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"
obj[50]=RegValue : software\microsoft\internet explorer\main "Use Custom Search URL"
obj[51]=RegValue : software\microsoft\internet explorer\main "Toolbars_Placement"
obj[52]=RegValue : software\microsoft\internet explorer\new windows "PopupMgr"
obj[53]=RegValue : software\microsoft\internet explorer\search\searchproperties\en-us "Panel@Web"
obj[54]=RegValue : software\microsoft\internet explorer\main "Search Page"
obj[55]=RegValue : software\microsoft\windows\currentversion\policies\system "NoDispAppearancePage"
obj[56]=File : C:\WINNT\system32\wbem\logs\wbemess.log

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[40]=IECache Entry : Cookie:owner@servedby.advertising.com/
obj[41]=IECache Entry : Cookie:owner@advertising.com/
obj[42]=IECache Entry : Cookie:owner@realmedia.com/
obj[43]=IECache Entry : Cookie:owner@2o7.net/
obj[44]=IECache Entry : Cookie:owner@atdmt.com/
obj[45]=IECache Entry : Cookie:owner@hitbox.com/
obj[46]=IECache Entry : Cookie:owner@ehg-pacifictheatres.hitbox.com/
obj[47]=IECache Entry : Cookie:owner@doubleclick.net/




I am soooo confused...I really appreciate all your help though! It's awfully kind of you... :)

thanks again,

-ian

#15
kool808

    Visiting Staff

  • Member
  • 1,690 posts
Hi Ian,

Very good, you did well. You can now remove smitrem, fixbeagle and FixO.

RIGHT-CLICK [ HERE ] and Save As (In IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

+++++++++++++++++++++++++++++++++
TRD WW - Total Recorder

From http://www.highcrite...talRecorder.pdf

Symptom - System message about locked windows "TRd ww..."
Locked windows appear when you shut down your system with titles that begin with "TR ww".

Possible Cause #1
Accelerated recording mode can conflict with other programs.

Action #1
Disable accelerated recording mode. For more information, see "Using the System Tab".

Disable accelerated recording mode
This option applies only to Windows NT, 2000 and XP. Accelerated recording mode can conflict with other programs. For example, you may see locked windows with titles that begin with "TRd ww" when you shut down your system. To prevent such problems, you can disable accelerated recording mode for all or some programs.

To disable accelerated recording mode, click the «Disable accelerated recording mode» button. Once you set this option, any attempt to make a recording in accelerated mode is ignored and the recording starts in ordinary mode.

With accelerated recording mode disabled, you can allow accelerated recording mode for certain programs. The programs are shown in the list below «Enable accelerated recording for these programs». To add a program to the list:
1. Click the "Add" button.
2. At the bottom of the list, specify the program's executable file name without the path (e.g. someprogram.exe).

Changing this option does not affect programs that are currently running. For these programs, any changes will take effect the next time they are started.


LINK : http://www.annoyances.org/exec/forum/winxp/t1044684488

+++++++++++++++++++++++++++++++++
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

Make sure to double check the items you have selected, then click Fix Checked.

+++++++++++++++++++++++++++++++++
Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).

Download Lavasoft's VX2 Cleaner plug-in HERE
  • Install the VX2 Cleaner
  • Start Ad-Aware SE
  • Go to "Plug-ins"
  • Select the VX2 Cleaner plug-in and click "Run Plugin"
  • If your computer isn't infected, click "Close".
If your computer is infected
  • Select "Clean system"
  • Reboot your computer
  • Scan your computer with Ad-Aware
  • Remove any VX2 objects detected
  • Reboot your computer again
  • Run a second scan to make sure the files have been removed from your computer
Reboot your PC.

Have a verification scan at Kaspersky; if everything is clean or in quarantine, that is a good sign. You should only worry about the results that were NOT disinfected.

Post back a new HijackThis log. Let me know how it went.