Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MSSearchnet.exe

Started by Achop , Sep 23 2005 10:03 PM

  • This topic is locked This topic is locked

#1
Achop
Posted 23 September 2005 - 10:03 PM

Achop

    New Member

  • Member
  • Pip
  • 9 posts
Hi everyone,
My first time on the site. I'm a newbie and pretty illiterate when it come to delving into my computer.
Something has taken over my computer. My anti virus ( Norton's ) doesn't find it, Adaware doesn't find, and microsoft spyware doesn't find it. I did a free on-line scan and nothing came up either.
I get constant pop ups from all kinds of sites ( casino, [bleep], and spyware sites ) There is a yellen triangle shape that pops up in my bar by the clock whenever it happen. If I click on it, it takes me to web sites for spyware.
I've downloaded HiJack This and did a scan. It's all french to me LOL. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 11:57:40 PM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\George Edwards\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.enter.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp1CE.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) -

http://205.159.125.1...everContent.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -

http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...e.cab?112439107

9976
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) -

http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) -

http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -

http://katzencam2.am...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -

http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) -

http://community.web...otoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

https://h17000.www1....loadManager.ocx
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) -

http://everquest2.st.../soesysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) -

http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -

http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -

https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) -

http://cdn.digitalci...illama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe

I need help with this. It's driving me crazy. I can't even play my MMORP game. Thanks in advance. Hope I did everything correctly
  • 0

Advertisements

#2
g2i2r4
Posted 24 September 2005 - 05:59 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Achop to Geeks to Go!

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

***

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reverse the process when you’ve carried out the advise.

***

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!


Download smitRem.exe version 2.5 and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\system32\nvctrl.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.enter.net/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp1CE.tmp

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the report and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.
  • 0

#3
Achop
Posted 26 September 2005 - 05:30 PM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello, Thanks for helping me out with this annoying problem.

I did everything you said, except the part about disabling MS Antispyware. I could not get the buttons to stay unchecked when i saved changes, si I just deleted the program. I can download it and re-install at a lateer date.

The only other problem i have is that i can't find the Smitfiles from SmitRem program. I saved it, but I don't know where it went. I did a search for it, but it came up empty.

Ok, here are my logs, HiJack This first, then Ewido, then the Panda scan


Logfile of HijackThis v1.99.1
Scan saved at 7:17:29 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124391079976
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://katzencam2.am...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:37:11 PM, 9/26/2005
+ Report-Checksum: 27C9DD5

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\George Edwards\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-1f29a360.class -> TrojanDownloader.Small.wv : Cleaned with backup
C:\Documents and Settings\George Edwards\Cookies\george [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\George Edwards\Cookies\george [email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\George Edwards\Local Settings\Temporary Internet Files\Content.IE5\EGQ64XD3\gdnUS1865[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Jennifer Edwards\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Julie Edwards\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Common Files\pdenteqf\paptocdqta\qnouruntq.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\pdenteqf\tbmtmpld\mposrppa.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2F225092-0A74-49A2-8F96-96486C\14E02164-7ADA-4DEB-8B47-AEA7FC -> TrojanDownloader.Wintool.b : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2F225092-0A74-49A2-8F96-96486C\9D66909F-854E-4211-9503-1E5D43 -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D0B9990E-55E7-407D-9EDB-FEC93A\F4F83C8E-8D6F-492C-ABE1-BA51D7 -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\Program Files\nlzon.dll -> Spyware.SearchPage : Cleaned with backup
C:\Program Files\SpyTrooper\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\aaijk.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\addit32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addml32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addqt32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addxs32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\anhuvr.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\aoprr.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\apier32.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\apiji.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apijt.exe -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\appcj32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\applg32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bwwhmy.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\cobbxb.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\cokftv.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\crcn32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3tb.dll:hxosyk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3tb.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DESKTOP.INI:oanjlc -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\dsjmba.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\dtqfvt.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\dvmlys.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\dwnoju.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\dyxozt.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\dzlzh.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\eentp.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\eolyx.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\evvptz.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ewsysa.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\exajqw.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\fftgen.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\fnggss.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\fuleks.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\giwuy.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\gqkdxu.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\gzrraj.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\hiqvb.dat:lwusm -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\hjdus.dat:oypqc -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\WINDOWS\hlraob.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\hmgtal.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\hpyhvt.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\hshdpy.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\hswjbr.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\icpxpy.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\iefz32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iehl.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iexu.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iibkbp.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ipbk.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipda.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iplg32.exe -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ipwe32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\irrodb.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\iszqxx.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ixadwj.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\javada32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jdscu.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\jhipul.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\jwypr.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\jzontz.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\knvkuh.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\koddva.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\krzill.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\lbceas.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ldpzk.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\lslypa.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\lxggyl.dat:ydnah -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\lxggyl.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\mbkxbl.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\mfcau32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcdu.exe -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\mfcfp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcln.exe -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\mfcoh32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcuu32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcwu32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcxp32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfczd32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mlqpb.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\mokfoz.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mpkxlf.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\msas32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:jwyte -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msiww.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\msqm32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nblyhx.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\netlw32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntag32.exe -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ntea.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\ntfa32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntpw.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntvn32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_gfjmbx.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_nfeqfs.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_sggbts.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_sirjym.dat:urjuv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_sirjym.dat -> TrojanDownloader.Agent.al : Cleaned with backup
C:\WINDOWS\n_tsweap.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\n_uphnet.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\odcnni.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ohdlp.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ovgshc.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\piunpz.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\pzkram.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\rbfpv.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\rinko.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\rtvmbv.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\scaiml.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\sdkyh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sysgl32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syspd.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\aaqat.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\afgzz.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\apixp.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\SYSTEM32\appne32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\atljh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\atlza32.dll -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\SYSTEM32\corelsys.dll -> TrojanDownloader.Agent.ba : Cleaned with backup
C:\WINDOWS\SYSTEM32\crof32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3rk.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\dmiir.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\gamgu.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\hffqx.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\ieaq32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ieel.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ieha32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\iett.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipdb32.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipic32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipmu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\jheig.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\kbmoe.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\ld88A8.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\SYSTEM32\ld89F0.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\SYSTEM32\ld8B09.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\SYSTEM32\ld951B.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\SYSTEM32\lnokz.dll -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\lnwnr.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\mfctk32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\mpzdj.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscornet.exe -> TrojanDownloader.Zlob.aq : Cleaned with backup
C:\WINDOWS\SYSTEM32\mshk.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\msix.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\netwf.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ntne32.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\SYSTEM32\nttr32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\nxrtc.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkcv.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkhx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkjm32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysdv.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysxr.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\tqnce.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\tаskmgr.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\winjo32.dll -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\SYSTEM32\winqd.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\winuz32.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\winyx.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\xrevw.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\xtaus.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\yidtj.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\tcescn.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\tchtf.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\tcybzu.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\tfttbq.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ugmjy.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\uomwiq.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\usmhll.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\vazrbw.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\vplmyy.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\vskqtl.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\vybyvs.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\winwn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\xttkm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\xwbkeh.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\ycdhy.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ydqeni.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\yllfku.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\yuhhb.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\yyyiwz.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\yzzlhb.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\zbhaoi.dat -> TrojanDownloader.Agent.z : Cleaned with backup
C:\WINDOWS\zlrxy.dat:ldfaz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zmpby.dat:shmim -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zmroa.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\zmtbb.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\zttagu.dat -> TrojanDownloader.Agent.z : Cleaned with backup


::Report End

Incident Status Location

Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\George Edwards\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-17b8ed14-5696206d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\George Edwards\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-456b5d97-761e5200.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\George Edwards\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-522ce96a-3b666eec.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\George Edwards\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-5a055feb-1eb529b6.zip[Dummy.class]
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2F225092-0A74-49A2-8F96-96486C\7E15C486-7A39-439C-97DA-067E03
Adware:Adware/PurityScan No disinfected C:\Program Files\nrpn\osoa.exe
Adware:Adware/SearchAid No disinfected C:\Program Files\tuqyy.dll
Adware:Adware/SearchAid No disinfected C:\Program Files\yncsu.dll
Adware:adware/midaddle No disinfected C:\WINDOWS\addit.exe
Adware:adware/searchaid No disinfected C:\WINDOWS\addor32.exe
Adware:adware/cws.008k No disinfected C:\WINDOWS\apirq.exe
Adware:adware/cws No disinfected C:\WINDOWS\apphi32.exe
Adware:Adware/Winshow No disinfected C:\WINDOWS\iiogo.dll
Adware:adware/cws.aboutblank No disinfected C:\WINDOWS\javait.exe
Adware:Adware/WinTools No disinfected C:\WINDOWS\Key2.txt
Adware:Adware/Winshow No disinfected C:\WINDOWS\kxpft.dll
Adware:adware/ncase No disinfected C:\WINDOWS\msbb.exe
Dialer:dialer.clr No disinfected C:\WINDOWS\netes.exe
Adware:adware program No disinfected C:\WINDOWS\netqm32.exe
Adware:Adware/Winshow No disinfected C:\WINDOWS\nilji.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\riihj.dll
Adware:adware/navipromo No disinfected C:\WINDOWS\sdkaa32.exe
Spyware:spyware/petro-line No disinfected C:\WINDOWS\SYSTEM32\appbs32.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\bsxtx.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\eglaq.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM32\exul.exe
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\mscb.exe
Adware:adware/transponder No disinfected C:\WINDOWS\SYSTEM32\msts32.exe
Adware:Adware/PsGuard No disinfected C:\WINDOWS\SYSTEM32\msvol.tlb
Adware:adware/mirar No disinfected C:\WINDOWS\SYSTEM32\winnb32.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\umsdf.dll

The only other thing i want to say is that during one of my on-line scans, MSSearch.exe was found and deleted by me. I don't know how, but thing seemed to calm down a little after that. I was still getting a pop-up from Norton A/V about a hijackdesktop. virus that it couldn't delete. I haven't been using computer much, so I don't know if it disappeared along with these fixes from you

Again, Thanks in advance for the help :tazz:
  • 0

#4
g2i2r4
Posted 26 September 2005 - 05:48 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.

Rename it to smitfiles01.txt or post the content before you move on.

Please see if it's there, I'd like to see it to know what happend.

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\Program Files\nrpn\osoa.exe
C:\Program Files\tuqyy.dll
C:\Program Files\yncsu.dll
C:\WINDOWS\addit.exe
C:\WINDOWS\addor32.exe
C:\WINDOWS\apirq.exe
C:\WINDOWS\apphi32.exe
C:\WINDOWS\iiogo.dll
C:\WINDOWS\javait.exe
C:\WINDOWS\Key2.txt
C:\WINDOWS\kxpft.dll
C:\WINDOWS\msbb.exe
C:\WINDOWS\netes.exe
C:\WINDOWS\netqm32.exe
C:\WINDOWS\nilji.dll
C:\WINDOWS\riihj.dll
C:\WINDOWS\sdkaa32.exe
C:\WINDOWS\SYSTEM32\appbs32.dll
C:\WINDOWS\SYSTEM32\bsxtx.dll
C:\WINDOWS\SYSTEM32\eglaq.dll
C:\WINDOWS\SYSTEM32\exul.exe
C:\WINDOWS\SYSTEM32\mscb.exe
C:\WINDOWS\SYSTEM32\msts32.exe
C:\WINDOWS\SYSTEM32\winnb32.dll
C:\WINDOWS\umsdf.dll

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.
Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Download about:buster by RubbeRDuckY.
Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
***

Download CWShredder.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
***

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

***
  • Open HijackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy"
  • Click on "Scan"
    the program will start to scan your Windows folder for any files that are Alternate Data Streams.
  • To remove the displayed ADS files, simply place a checkmark next to the entries and click on the Remove selected button. This will remove the ADS file from your computer.
  • When you are done, press the Back button next to the Remove selected until you are at the main HijackThis screen
    or
  • Close HijackThis.
***

Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

***

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

***

Still in safe mode, rerun smitrem.

***

Reboot back to normal mode.

***

Do another Panda scan to see what's left. Safe the report.
Reboot afterwards.

Post me:
both smitrem01.txt and the new smitrem.txt
both About:Buster logs
a fresh HijackThis log
the new Panda result
  • 0

#5
Achop
Posted 27 September 2005 - 02:36 PM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
QUOTE
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.

Rename it to smitfiles01.txt or post the content before you move on.

Please see if it's there, I'd like to see it to know what happend.

I would do this, but i can't find the file. I'm not real good on diving too deep into computer workings, but if you tell me exactly where to look ( root of your drive = boggles my small mind; LOL ) I'd be happy to post it for to see. I wanted to post this before i did anything else, just in case it affects anything. I will procede after I hear back from you, in the mean time, i'll download needed programs and be ready.
Just a quick note, computer is running without pop-ups, but i would say it is considerably slower.
  • 0

#6
g2i2r4
Posted 27 September 2005 - 02:42 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Double click the icon 'my computer' on your desktop if it's there

Go to drive C:

in the list of files and folders find the 'smitfiles.txt'
double click the file
it will open a notepad file with the text I'd like to see

press ctrl+A

Open the window with this topic in it and press 'add reply'

in this reply box press ctrl+V

You will now have posted the result for the previous run of the runthis.bat from smitrem.
  • 0

#7
Achop
Posted 28 September 2005 - 02:15 PM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again, I'm sorry, maybe i didn't run the SmitRem program correctly, because there is no Smitfiles.txt file on my computer. I've done 2 complete searches of my local drive and assorted locations on that drive, and still no file.
When I clicked the SmitRem folder on my desktop, i clicked on the .bat file like you suggested, and it said all files have been extracted. It doesn't say where they went or anything. Is there something else i'm supposed to do to make that program work ?
  • 0

#8
g2i2r4
Posted 28 September 2005 - 04:23 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you tell me what files you have in the smitrem folder please?
  • 0

#9
Achop
Posted 28 September 2005 - 06:35 PM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I think i figured out what i did wrong, but here is what files are in Smitrem folder

delfiles
LTDFix
reg
replace
RunThis
shudder
taskkill

I don't think it ever ran, because I didn't do it correctly. I was checking it out, and it ran a scan of some sort, turned my desktop all blue background etc.
I saved that file. Here it is

smitRem log file
version 2.5

by noahdfear

The current date is: Wed 09/28/2005
The current time is: 16:21:48.37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

msvol.tlb
ncompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :tazz:


~~~ Upon reboot ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~

Now , onto our next page of instructions,
I ran the Killbox and typed each line/path into box, then rebooted.

So, i moved onto the next step and did the CW Shredder, it found 2 items and i deleted them.
I booted into safe mode, ran HiJack This. Here is log

Logfile of HijackThis v1.99.1
Scan saved at 6:46:56 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.enter.net/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124391079976
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://katzencam2.am...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


About : Buster will not run. I keep getting an error message " Run -time error '5' Invalid procedure call or argumen


Here is the latest Panda scan

Incident Status Location

Adware:Adware/SearchAid No disinfected C:\!Submit\tuqyy.dll
Adware:adware/securityerror No disinfected C:\Documents and Settings\All Users\Start Menu\Online Security Center.url
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2F225092-0A74-49A2-8F96-96486C\7E15C486-7A39-439C-97DA-067E03
Adware:Adware/PurityScan No disinfected C:\Program Files\nrpn\osoa.exe
Adware:adware/midaddle No disinfected C:\WINDOWS\addit.exe
Adware:adware/cws.008k No disinfected C:\WINDOWS\appaz32.exe
Adware:adware/searchaid No disinfected C:\WINDOWS\appjr32.exe
Adware:Adware/WinTools No disinfected C:\WINDOWS\Key2.txt
Adware:Adware/Winshow No disinfected C:\WINDOWS\nilji.dll
Adware:adware/navipromo No disinfected C:\WINDOWS\sdkab32.exe
Adware:adware/cws.aboutblank No disinfected C:\WINDOWS\SYSTEM32\apilt.exe
Spyware:spyware/petro-line No disinfected C:\WINDOWS\SYSTEM32\appbs32.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\eglaq.dll
Adware:adware/transponder No disinfected C:\WINDOWS\SYSTEM32\ntec32.exe
Adware:adware program No disinfected C:\WINDOWS\winqp.exe
Here is latest SmitRem log

smitRem log file
version 2.5

by noahdfear

The current date is: Wed 09/28/2005
The current time is: 20:30:00.59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


I hope you can make sense of all this. The big question I have is , Why doesn't About : Buster run ?
  • 0

#10
g2i2r4
Posted 29 September 2005 - 02:26 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Weldone :tazz:
That's the log I was looking for. And it looks good!

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\Documents and Settings\All Users\Start Menu\Online Security Center.url
C:\Program Files\nrpn\osoa.exe
C:\WINDOWS\addit.exe
C:\WINDOWS\appaz32.exe
C:\WINDOWS\appjr32.exe
C:\WINDOWS\Key2.txt
C:\WINDOWS\nilji.dll
C:\WINDOWS\sdkab32.exe
C:\WINDOWS\SYSTEM32\apilt.exe
C:\WINDOWS\SYSTEM32\appbs32.dll
C:\WINDOWS\SYSTEM32\eglaq.dll
C:\WINDOWS\SYSTEM32\ntec32.exe
C:\WINDOWS\winqp.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.
Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.


Did you unzip About:Buster to a folder of it's own?

Can you rescan to see where we stand?
  • 0

#11
Achop
Posted 29 September 2005 - 05:26 PM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again, Thanks again for the quick replys. I did as you asked and deleted the lines, and rebooted. I ran a new HiJack this file . Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 7:22:58 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.enter.net/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.1...everContent.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124391079976
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://katzencam2.am...sCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I think it looks OK, but what do i know.
as far as About Buster, I think i di it right. I messed arond with it some to try and get it to work, but no go.


Thanks again
Achop
  • 0

#12
g2i2r4
Posted 30 September 2005 - 11:18 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
The error About:Buster is giving you is for the update. The creator's site is down and thus the program gives you the message. You probably have the updates up to version 28. That's all there is for now.

Did you try to run it (skip the updates and start removal)?
  • 0

#13
Achop
Posted 01 October 2005 - 08:46 AM

Achop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again
No, I never tried to just run About : Buster, i always tried for the updates. I'll download the program again, and seee what happens. I'll post any results i might get.
  • 0

#14
g2i2r4
Posted 01 October 2005 - 08:51 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Take your time, I'll be around somewhere :tazz:




EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 15 October 2005 - 04:04 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP