pop-ups [CLOSED]
Started by Hazjack, Sep 07 2005 01:32 PM
#1
Posted 07 September 2005 - 01:32 PM
#2
Posted 07 September 2005 - 01:47 PM
Here is the HijackThis log referenced.
Logfile of HijackThis v1.99.1
Scan saved at 2:53:29 PM, on 09/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\lpl4kd.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\system32\medgs1.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\system32\pnces.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
A:\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [Real-Tens] "C:\Program Files\Real-Tens\Real-Tens.exe" /H
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterag32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lpl4kd.exe reg_run
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoLoaderqFxe1PbRMKaV] "C:\WINDOWS\System32\nwpecab.exe"
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [bBx8RRK9X] pnces.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [uurk] C:\PROGRA~1\COMMON~1\uurk\uurkm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0022.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Hazjack
#3
Posted 07 September 2005 - 09:43 PM
Hello Hazjack
Is this the same computer you were here last month with? This is a mess. This will take quite a few steps to clean. If you wish to begin, post a brand new hijack log and we will proceed.
#4
Posted 12 September 2005 - 03:34 PM
No, sorry - this is a different computer.
I will post a new log tomorrow.
Hazjack
#5
Posted 12 September 2005 - 04:20 PM
#6
Posted 14 September 2005 - 12:42 PM
Here is my new Hijack log, sorry for the wait.
Logfile of HijackThis v1.99.1
Scan saved at 1:36:19 PM, on 09/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\medgs1.exe
C:\WINDOWS\system32\opr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system\vpmapaalvu.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoLoaderqFxe1PbRMKaV] "C:\WINDOWS\System32\nwpecab.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [bBx8RRK9X] pnces.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [uurk] C:\PROGRA~1\COMMON~1\uurk\uurkm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0012.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Thanks
Hazjack
#7
Posted 14 September 2005 - 02:14 PM
Let's get you fixed up.
Please follow the directions as closely as you can. Let's begin.
First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.
To Get rid of NewDotNet, go to:
Start > Control Panel > Add or Remove Programs and remove the following:
New.Net Applications or New.Net Domains (anything that says New.Net)
If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.
In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.
Download and install CleanUp! Here
but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups
You may wish to print out a copy of these instructions to follow while you complete this procedure
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoLoaderqFxe1PbRMKaV] "C:\WINDOWS\System32\nwpecab.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [bBx8RRK9X] pnces.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [uurk] C:\PROGRA~1\COMMON~1\uurk\uurkm.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0012.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please remove these entries from Add/Remove Programs in the Control Panel (if present):
Media Access
BullsEye Network
Cas
Please note any other programs that you don't recognize in that list in your next response.
Please delete these folders using Windows Explorer (if present):
C:\Program Files\Media Access
C:\Program Files\BullsEye Network
C:\WINDOWS\etb
C:\Program Files\Cas
C:\WINDOWS\T3duZXIA
Please delete these files using Windows Explorer (if present):
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\System32\nwpecab.exe
C:\WINDOWS\system32\medgs1.exe
C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
C:\PROGRA~1\COMMON~1\uurk
C:\WINDOWS\System32\aupdate.exe
C:\WINDOWS\system32\opr.exe
C:\Program Files\Common Files\Windows\services32.exe
pnces.exe >>>>>>>>> You will have to search for this one
Now run Cleanup
Now click start>>>>>run and type in sc stop cmdService
Now click start>>>>>run and type in sc delete cmdService
After that, Reboot.
Please run this online virus scan:
Panda Active Scan You need to use Internet Explorer for this scan.
- Once you get to the Panda site, scroll down a bit and click on Scan your PC
- A new window will appear; click on Check Now!
- A new window will appear; fill in the boxes (Country, State, email addy)
- Click on Scan Now! >
If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab): click on Install. Panda will install the component, and then install the latest signature files.
- From "Select a device to scan...", choose "My Computer"
- Allow the scan to run. It'll take a while.
- When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
- I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log
Thanks
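Added example (not part of the original posts): a small Python check that a helper could run over a follow-up HijackThis log to see which entries from a fix list are still present, and which O23 services HijackThis reports as "Unknown owner" and so need manual review. The sample lines are constructed in the format of the logs in this thread, and all function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample data in the format of the logs in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
"""

FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


class Entry(NamedTuple):
    code: str   # section code such as R1, O4, O23
    body: str   # everything after "CODE - "


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def normalize(entry: Entry):
    """Comparison key: registry keys and Windows paths are case-insensitive."""
    return (entry.code, " ".join(entry.body.split()).lower())


def persisting(fix_list: str, followup_log: str) -> List[Entry]:
    """Fix-list entries that still appear in the follow-up log."""
    seen = {normalize(e) for e in parse_log(followup_log)}
    return [e for e in parse_log(fix_list) if normalize(e) in seen]


def removed(fix_list: str, followup_log: str) -> List[Entry]:
    """Fix-list entries that no longer appear in the follow-up log."""
    seen = {normalize(e) for e in parse_log(followup_log)}
    return [e for e in parse_log(fix_list) if normalize(e) not in seen]


def parse_service(entry: Entry) -> Optional[Service]:
    """Split an O23 line into display name, owner and image path."""
    prefix = "Service: "
    if entry.code != "O23" or not entry.body.startswith(prefix):
        return None
    parts = entry.body[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    marker = "(file missing)"
    missing = path.endswith(marker)
    if missing:
        path = path[: -len(marker)].rstrip()
    return Service(name, owner, path, missing)


def unknown_owner_services(log: str) -> List[Service]:
    """O23 services with no vendor string: a review list, not a verdict."""
    services = (parse_service(e) for e in parse_log(log))
    return [s for s in services if s and s.owner.lower() == "unknown owner"]


if __name__ == "__main__":
    for e in persisting(FIX_LIST, FOLLOWUP_LOG):
        print("STILL PRESENT:", e.code, "-", e.body)
    for e in removed(FIX_LIST, FOLLOWUP_LOG):
        print("REMOVED:      ", e.code, "-", e.body)
    for s in unknown_owner_services(FOLLOWUP_LOG):
        state = "file missing" if s.file_missing else "file present"
        print("REVIEW SERVICE:", s.name, "->", s.path, f"({state})")
```

An "Unknown owner" service whose file is missing is usually a leftover registration, while one whose file is present on disk is the case to look at first.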
#8
Posted 16 September 2005 - 11:14 AM
Here are the new logs. Thanks.
Hazjack
Logfile of HijackThis v1.99.1
Scan saved at 1:36:19 PM, on 09/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\medgs1.exe
C:\WINDOWS\system32\opr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system\vpmapaalvu.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoLoaderqFxe1PbRMKaV] "C:\WINDOWS\System32\nwpecab.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [bBx8RRK9X] pnces.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [uurk] C:\PROGRA~1\COMMON~1\uurk\uurkm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0012.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Active Scan Log:
Incident Status Location
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\NTYAOWOO.EXE
Adware:adware/pacimedia No disinfected C:\Documents and Settings\Owner\Favorites\1111\1111.url
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/ilookup No disinfected C:\WINDOWS\SYSTEM32\xbox_round1.bmp
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/addestroyer No disinfected C:\PROGRAM FILES\AdDestroyer
Spyware:spyware/altnet No disinfected C:\PROGRAM FILES\Altnet
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CasStub
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MedCh
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Spyware:spyware/new.net No disinfected C:\PROGRAM FILES\NewDotNet
Adware:adware/ist.yoursitebar No disinfected C:\PROGRAM FILES\YourSiteBar
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/dealhelper No disinfected C:\WINDOWS\SYSTEM32\DealHelper
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/ist.sidefind No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Owner\Desktop\backups\backup-20050915-133629-771
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000079.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0284819.dll
Adware:Adware/Oemji No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0284839.dll
Adware:Adware/Oemji No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0284842.dll
Adware:Adware/Oemji No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0284845.dll
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0285172.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP632\A0285173.cpl
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP634\A0289193.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP634\A0290194.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP634\A0291194.exe
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP634\A0291204.dll
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291225.dll
Adware:Adware/SaveNow No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291232.exe
Adware:Adware/404Search No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291250.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291258.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291261.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0291266.dll
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0292254.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0293254.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0293266.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP635\A0294266.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP636\A0295267.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP636\A0295296.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP636\A0295309.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP636\A0295314.dll
Adware:Adware/Sqwire No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0296304.dll
Adware:Adware/IST.YourSiteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0296332.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0296340.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0296342.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0297312.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0297314.dll[Catcher.dll]
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0297314.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0297314.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0297317.dll
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0298313.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0298328.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP649\A0299327.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP652\A0303633.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP652\A0304557.exe
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP652\A0304558.exe
Adware:Adware/ClkOptimizer No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP652\A0304569.dll
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP652\A0304582.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP654\A0304695.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP655\A0304898.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0305858.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0305861.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0305861.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0305870.dll
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0306232.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0306256.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0306306.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP662\A0306401.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307399.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307424.exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307425.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307426.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307427.exe
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307428.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307431.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307433.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307434.dll
Adware:Adware/BookedSpace No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307435.exe
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307436.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307438.exe
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307439.exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307442.exe
Adware:Adware/DealHelper No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307443.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307444.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307445.exe
Adware:Adware/ExactSearch No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307446.exe
Adware:Adware/DealHelper No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307447.dll
Adware:Adware/Qoologic No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307448.exe
Adware:Adware/ExactSearch No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307449.vxd
Virus:Trj/Downloader.BJG Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307450.exe
Virus:Trj/Downloader.BYZ Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307451.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307452.srg
Adware:Adware/ISearch No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307453.exe
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307455.EXE
Adware:Adware/BigTrafficNet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307456.dll
Spyware:Spyware/Dyfuca No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307457.exe
Virus:Trj/Downloader.BJG Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307458.exe
Adware:Adware/AdDestroyer No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307459.dll
Adware:Adware/AdDestroyer No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307460.dll
Virus:Trj/Downloader.BJG Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307461.exe
Adware:Adware/AdDestroyer No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307462.dll
Adware:Adware/AdDestroyer No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307463.dll
Adware:Adware/DealHelper No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307464.exe
Virus:Trj/Downloader.BJG Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307466.exe
Adware:Adware/ClockSync No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307467.exe
Virus:Trj/Downloader.BJG Disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307468.exe
Adware:Adware/QoolShown No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0307469.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308410.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308413.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308425.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308426.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308428.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308429.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308436.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308438.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308440.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308446.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308448.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308449.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308457.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308458.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308462.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0308468.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309452.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309453.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309459.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309460.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309461.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP664\A0309462.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309463.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309464.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309465.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309466.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309467.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309468.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309469.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309470.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309471.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309472.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309478.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309480.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309490.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309506.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP666\A0309523.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
Hazjack
Logfile of HijackThis v1.99.1
Scan saved at 1:36:19 PM, on 09/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\medgs1.exe
C:\WINDOWS\system32\opr.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system\vpmapaalvu.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [AutoLoaderqFxe1PbRMKaV] "C:\WINDOWS\System32\nwpecab.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\system32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\Owner\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [bBx8RRK9X] pnces.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [uurk] C:\PROGRA~1\COMMON~1\uurk\uurkm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0012.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Active Scan Log:
Incident Status Location
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\NTYAOWOO.EXE
Adware:adware/pacimedia No disinfected C:\Documents and Settings\Owner\Favorites\1111\1111.url
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/ilookup No disinfected C:\WINDOWS\SYSTEM32\xbox_round1.bmp
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/addestroyer No disinfected C:\PROGRAM FILES\AdDestroyer
Spyware:spyware/altnet No disinfected C:\PROGRAM FILES\Altnet
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CasStub
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MedCh
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Spyware:spyware/new.net No disinfected C:\PROGRAM FILES\NewDotNet
Adware:adware/ist.yoursitebar No disinfected C:\PROGRAM FILES\YourSiteBar
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/dealhelper No disinfected C:\WINDOWS\SYSTEM32\DealHelper
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/ist.sidefind No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Owner\Desktop\backups\backup-20050915-133629-771
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000079.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309468.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309469.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309470.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309471.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309472.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309478.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309480.exe
Adware:Adware/Maxifiles No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309490.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP665\A0309506.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP666\A0309523.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
#9
Posted 16 September 2005 - 07:10 PM
Can you post a brand new Hijack log? It appears the one you posted is 2 days old.
#10
Posted 22 September 2005 - 01:10 PM
Here is the Active Scan report as well as the Hijack log. Thanks.
Hazjack
Logfile of HijackThis v1.99.1
Scan saved at 2:03:52 PM, on 09/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Incident Status Location
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\NTYAOWOO.EXE
Adware:adware/pacimedia No disinfected C:\Documents and Settings\Owner\Favorites\1111\1111.url
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/ilookup No disinfected C:\WINDOWS\SYSTEM32\xbox_round1.bmp
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/addestroyer No disinfected C:\PROGRAM FILES\AdDestroyer
Spyware:spyware/altnet No disinfected C:\PROGRAM FILES\Altnet
Adware:adware/consumeralertsystemNo disinfected C:\PROGRAM FILES\CasStub
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MedCh
Spyware:spyware/new.net No disinfected C:\PROGRAM FILES\NewDotNet
Adware:adware/ist.yoursitebar No disinfected C:\PROGRAM FILES\YourSiteBar
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/dealhelper No disinfected C:\WINDOWS\SYSTEM32\DealHelper
Adware:adware/elitebar No disinfected C:\Documents and Settings\Owner\Favorites\Casino & Carrers
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/ist.sidefind No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Owner\Desktop\backups\backup-20050915-133629-771
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000079.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
Hazjack
Logfile of HijackThis v1.99.1
Scan saved at 2:03:52 PM, on 09/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...//www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [ntyaowoo] C:\WINDOWS\System32\ntyaowoo.exe /setuser
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125520529608
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Management Instrumentation service (ntyaowoo) - Unknown owner - C:\WINDOWS\system32\ntyaowoo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Incident Status Location
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\NTYAOWOO.EXE
Adware:adware/pacimedia No disinfected C:\Documents and Settings\Owner\Favorites\1111\1111.url
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/ilookup No disinfected C:\WINDOWS\SYSTEM32\xbox_round1.bmp
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/addestroyer No disinfected C:\PROGRAM FILES\AdDestroyer
Spyware:spyware/altnet No disinfected C:\PROGRAM FILES\Altnet
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CasStub
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MedCh
Spyware:spyware/new.net No disinfected C:\PROGRAM FILES\NewDotNet
Adware:adware/ist.yoursitebar No disinfected C:\PROGRAM FILES\YourSiteBar
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/dealhelper No disinfected C:\WINDOWS\SYSTEM32\DealHelper
Adware:adware/elitebar No disinfected C:\Documents and Settings\Owner\Favorites\Casino & Carrers
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/ist.sidefind No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Owner\Desktop\backups\backup-20050915-133629-771
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000079.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
#11
Posted 22 September 2005 - 10:05 PM
Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please remove these entries from Add/Remove Programs in the Control Panel (if present):
AdDestroyer
Altnet
CasStub
MedCh
NewDotNet
YourSiteBar
Please note any other programs that you don't recognize in that list in your next response
Please delete these folders using Windows Explorer (if present):
C:\PROGRAM FILES\AdDestroyer
C:\PROGRAM FILES\Altnet
C:\PROGRAM FILES\CasStub
C:\PROGRAM FILES\MedCh
C:\PROGRAM FILES\NewDotNet
C:\PROGRAM FILES\YourSiteBar
Please delete these files using Windows Explorer (if present):
C:\PROGRAM FILES\COMMON FILES\services.exe
C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
C:\WINDOWS\SYSTEM32\bose.ico
C:\WINDOWS\SYSTEM32\exclean.exe
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\WINDOWS\SYSTEM32\xbox_round1.bmp
C:\WINDOWS\SYSTEM32\DealHelper
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
C:\WINDOWS\SYSTEM32\xbox_round1.bmp
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\GatorPatch.log
After that, reboot.
Post a new hijack log and tell me how your system is running now.
Thanks
#12
Posted 03 October 2005 - 11:24 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.