Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijackthis log [RESOLVED]

Started by western14 , Oct 12 2005 11:08 AM

This topic is locked

#1
western14

Posted 12 October 2005 - 11:08 AM

Member

Member
51 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:01:59 PM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\lockx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECE0D35-D8F4-43CC-B718-8E40F10469C1}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
andydf

Posted 17 October 2005 - 02:14 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hi western14
Welcome to Geeks to go

Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe
Save it to your desktop.
Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
You need an active Internet Connection, so make sure your you're not blocking any connection now.
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Then do a scan with HiJackThis and post a new log by using Add Reply

Andy :tazz:

#3
western14

Posted 17 October 2005 - 08:29 PM

Member

Topic Starter
Member
51 posts

Logfile of HijackThis v1.99.1
Scan saved at 9:28:31 PM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lockx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\WINDOWS\System32\5fikvpc0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\acledit2.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [5fikvpc0] C:\WINDOWS\System32\5fikvpc0.exe
O4 - HKLM\..\Run: [1f5f68b2373f] C:\WINDOWS\System32\acledit2.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\System32\stb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...all4110_sp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECE0D35-D8F4-43CC-B718-8E40F10469C1}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972949.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
andydf

Posted 18 October 2005 - 02:30 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hi western14
Things have gotten a little worse since your first post.

I see you already have Ewido installed. Please make sure Ewido fully updated

1.
Go to add/remove programs and uninstall SurfSdeKick 3

2.
Reboot into safe mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

3.
Re-open Ewido

Click on scanner
Click on Complete System Scan and the scan will begin. Do not open any other windows/programs for the duration of the scan.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot your computer into Normal mode.

4.
Next I need you to re-run the Lqfix instuctions in my previous post.

5.
After the reboot, re-open HiJackThis and scan. Check the boxes next to all the entries listed below. (if present)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [5fikvpc0] C:\WINDOWS\System32\5fikvpc0.exe
O4 - HKLM\..\Run: [1f5f68b2373f] C:\WINDOWS\System32\acledit2.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\System32\stb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs302972949.dll

Now close all windows other than HiJackThis, then click Fix Checked.

5.
Please delete these folders using Windows Explorer(if present):

C:\Program Files\SurfSideKick 3\
C:\PROGRA~1\FREEPR~1
C:\WINDOWS\etb
C:\Program Files\Common Files\Windows

Folders and files with a tilde (~), means that there is a file/folder that starts with the six characters in front of the tilde, note that there may be spaces in the name. If there are more than one, please report them back and do not delete!

6.
Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files. Do not worry if you cannot find some of them.

C:\WINDOWS\System32\Searchx.htm
C:\WINDOWS\SYSTEM32\communicator.dll
C:\WINDOWS\System32\qlink32.dll
C:\WINDOWS\System32\lockx.exe
C:\WINDOWS\System32\5fikvpc0.exe
C:\WINDOWS\System32\acledit2.exe
C:\WINDOWS\System32\stb.exe
C:\WINDOWS\System32\yaemu.exe

After that, Reboot.

If you would please, rescan with HijackThis and post a fresh log along with the ewido log in this same topic, and let us know how your system's working.

Andy

#5
western14

Posted 19 October 2005 - 12:06 PM

Member

Topic Starter
Member
51 posts

Hi,
here are my logs. i also couldnt delte surfsidekick from any of its locations. it says that another application is using it and it cant delete.

thanks,
Eric

Logfile of HijackThis v1.99.1
Scan saved at 11:44:16 AM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...all4110_sp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECE0D35-D8F4-43CC-B718-8E40F10469C1}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972949.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:46:57 PM, 10/18/2005
+ Report-Checksum: BB72C82A

+ Scan result:

C:\backup.zip/aathz.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/absldp.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/affsipc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/AHTAPI.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ahvpack.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/akkctrs.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/akvpack.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/avthz.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/awvpack.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/axa8lg9u16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/az12l39o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/az18lg9u16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza001jme.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza20gdoe60c0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza2l39o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza607lse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza6l9js1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/aza8lg9u16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azam0gd1e60.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azamla911d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azaol5l31.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azaq07l5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azaqlih5184.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/azau09j9e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/bmhci.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/bvhci.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/bxtsprx2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/c000ladm1d0a.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/c4000edmeh0a0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/c8000idme80a0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/chseqchk.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/clm.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/cmyptnet.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/cndial32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/cPpicom.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/csmpobj.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/cvprops.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/d20m0cd1ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/d60m0gd1e60.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/d6j02g1mg6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/d8j0li1m18.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dbuiext.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dctmsft3.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dEvclnt.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dF0m0cd1ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dfprpres.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dicpcsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/djcdll.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dK0m0cd1ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dlcpmon.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dn0601dse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dn0m01d1e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dn4q01h5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dn6001jme.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dn6801jue.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dnjm0111e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dtnmpntw.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dV0m0cd1ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dvusic.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dwiman32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dwvenum.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dyskperf.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dyspex.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dyvacm.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dzdmoprp.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/dzmsadsn.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/e4jm0e11eh.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/e6020gdoe60c0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/e6200gfme62a0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/e6202gfmg62a2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/eD202gfmg62a2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/eds.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en0ml1d11.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en0ul1d91.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en62l1jo1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en68l1ju1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en88l1lu1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/en8ul1l91.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/enj2l11o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/enlml1311.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/f82mlif1182.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fGahvoas.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fgcfg.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fn2021fmg.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fp8803lue.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fpj0031me.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fpjm0311e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fpjo0313e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fpl8033ue.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/fpp2037oe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g004ladq1d0e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g0jo0a13ed.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g0jola131d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g2040cdqef0e0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g6lm0g31e6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g8040idqe80e0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g8joli1318.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/g8lm0i31e8.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ggkrsrc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gMjoli1318.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gmlol3331.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gp48l3hu1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gp4ol3h31.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gp82l3lo1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gp8ml3l11.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gp8sl3l71.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gpjml3111.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gpjol3131.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gplol3331.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gplsl3371.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gpn2l35o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gpn4l35q1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gpnol3531.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gppol3731.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gTjola131d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/gtr2l39o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h00q0ad5ed0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h0l20a3oed.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h22olcf31f2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h40q0ed5eh0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h6j4lg1q16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h8l2li3o18.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/h8n0li5m18.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hicutils.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hjcutils.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hjtplug.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hpfinst.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hr0205doe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hr2205foe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hr2m05f1e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hr4o05h3e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hr4u05h9e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hrl2053oe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hrl6053se.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hrrm0591e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hucoin.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hxui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/hy2m05f1e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i0lola331d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i2jq0c15ef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i4060edseh060.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i806lids1806.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i824lifq182e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i8jqli1518.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/i8loli3318.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ibfxdgps.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ics.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iDlmdnt5.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ieetcplc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iEsrecst.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iexmontr.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ifsecsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iGlmdnt5.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ih8ol5l31.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ihxmontr.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ijfxeud.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iLlmdd5.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iLlola331d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iLsrecst.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/Imetwh32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iMlmCoIn_0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ippeers.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ir2ul5f91.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ir6ql5j51.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ir8ol5l31.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irfxhk.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irj4l51q1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iRlmdnt5.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irlml5311.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irp0l57m1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irp2l57o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irpql5751.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/irsutil.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iufxres.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iycvid.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iZlmCoIn_0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/iZlmdnt5.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/j20s0cd7ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/j2j60c1sef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/j4n20e5oeh.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/j80slid7180.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jEvacypt.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jEvaee.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jh8q07l5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jK0s0cd7ef0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jn8q07l5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt0807due.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt0o07d3e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt0q07d5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt2207foe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt2407fqe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt2607fse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt2o07f3e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt2s07f7e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt4407hqe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt4607hse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt4q07h5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt6o07j3e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt6q07j5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt8607lse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt8m07l1e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jt8q07l5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jtj6071se.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jtps0777e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jtr6079se.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/jtrq0795e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ju4607hse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k0620ajoedoc0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k262lcjo1foc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k2no0c53ef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k2pmlc711f.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k4800elmehqa0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k4lq0e35eh.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k608lgdu1608.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k6260gfse6260.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k626lgfs1626.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k6620gjoe6oc0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/k8260ifse8260.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kadhu1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kadsl.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kkdycl.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kmdhe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kn1394.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kndhe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kpdycl.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kprwbrkr.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kqdmaori.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kt00l7dm1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kt0ol7d31.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kt22l7fo1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kt46l7hs1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kt8ml7l11.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ktdkyr.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ktl6l73s1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ktpsl7771.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ktrul7991.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kudblr.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kurberos.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kwdfc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kwdhe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/KWDKAZ.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/kxd101b.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l00u0ad9ed0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l22s0cf7ef2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l28m0cl1efq.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l2j80c1uef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l2n40c5qef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l2p2lc7o1f.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l4l60e3seh.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/l88mlil118q.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lccdll.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LCIMG11N.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LHRTREND.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/licalui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LJPSD11N.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LMDIS11n.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LNBMP11N.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LOBMP11N.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lsp2097oe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv0009dme.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv0409dqe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv0s09d7e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv2609fse.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv2s09f7e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv4s09h7e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv6u09j9e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv8009lme.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lv8q09l5e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lvjs0917e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lvl2093oe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lvp2097oe.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lvpo0973e.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lzcalui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/lzk.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/LZTGA11N.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m0pola731d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m0rmla911d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m4280efueh280.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m4jule191h.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m6rm0g91e6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m828lifu1828.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m8640ijqe8oe0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m8lsli3718.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/m8nqli5518.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/maaatext.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mbw3prt.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mgcoree.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mH28lifu1828.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/MHCTFP.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mhndex.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mkrui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mm43dmod.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mmg4dmod.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mocomput.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/monsspc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mpafd.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mqratelc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mtfutil.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mudemui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv20l9fm1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv24l9fq1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv40l9hm1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv48l9hu1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv64l9jq1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv66l9js1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mv8sl9l71.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mviseq.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvjul9191.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvl4l93q1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvlsl9371.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvndex.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvnul9591.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvp2l97o1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvpml9711.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvrql9951.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mvrul9991.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/mxcshext.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/my4sdmod.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n04s0ah7ed4.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n42ulef91h2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n4l8le3u1h.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n6p40g7qe6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n82u0if9e82.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/n88olil318q.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nehtml.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ngmsdba.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nhshrui.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nimssvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nmprovau.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nqtui1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nrtui2.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/nutui1.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/NX4.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/o0rola931d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/o2840clqefqe0.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/o6ns0g57e6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/o8660ijse8o60.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/o8pqli7518.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ogbcp32r.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/ojecnv32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/okfox32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/oSrola931d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/otbctrac.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/p28q0cl5efq.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/p2n8lc5u1f.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/p6r40g9qe6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/p8r4li9q18.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/pbrfts.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/pfwrprof.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/pLpsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/pxtorec.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/pzlmon.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/q0nu0a59ed.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/q0nula591d.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/qcsname.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r0p80a7ued.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r2p80c7uef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r2r60c9sef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r48slel71hq.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r4r6le9s1h.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r68s0gl7e6q.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/r68slgl716q.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rCsauto.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rEp80c7uef.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rfnd.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rPsapi32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rrpdd.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rtched32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rxched32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rygsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/rZ8slgl716q.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/s8puli7918.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sdgen.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sdmpapi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sjlwoa.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sklgntfy.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/smrmdll.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sncur32.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/somedia.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sqcpack.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sqlgntfy.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/srcoinst.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/strio600.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/stsinv.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/SUDLL.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/svdoclc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/svlwoa.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/svpblb.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/svsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/svtupapi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/sxmsg.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/szmapi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/t6r8lg9u16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/tdpmon.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/tlext.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/tNpiperf.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/tOpi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/u6ru0g99e6.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/UEEG.DLL -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/vbsapi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/vzrsion.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/waigest.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wB5inf16.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wc2help.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wcavideo.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wdapi.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wdcsvc.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wderror.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wkv3is.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wsstream.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wY2topl.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/wyhext.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/xllprov.dll -> Spyware.Look2Me : Error during cleaning
C:\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Cookies\eric [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Cookies\eric [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Cookies\eric [email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Cookies\eric peppers@vegasred[2].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Cookies\eric [email protected][1].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Eric Peppers\Local Settings\Temporary Internet Files\Content.IE5\45IN4PIF\mtrslib2[1].js -> TrojanDownloader.Small.ag : Cleaned with backup
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050504173340.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050509204006.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050510170626.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050615115136.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050616160233.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050814192843.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050820140544.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050822134104.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050824212456.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825164304.zip/Program Files/common files/uninstall information/RemoveDisplayUtility.exe -> Spyware.Delfin : Error during cleaning
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP47\A0020324.exe -> Adware.SAHA : Cleaned with backup
C:\unzipped\Video-Blonde-Gros-SEINS[1]\Visionner-en-Ligne.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\pxwma.dll -> Spyware.Webdir : Cleaned with backup
C:\WINDOWS\SYSTEM32\acledit2.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ati2dvag.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ciodm142.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\pinstaller.exe -> Spyware.UrlSpy : Cleaned with backup

::Report End

#6
andydf

Posted 19 October 2005 - 02:28 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hi

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download and install CleanUp!
Do not run it yet.

Download RegLite from here
http://www.resplendence.com/downloads
Install it then close it, we will run it later.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\SurfSideKick 3\Ssk.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Reboot back into Safe Mode

Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

In the smaller left hand pane-> Right Click the Windows folder(Highlighted in Blue)

Select Rename-> Rename it to Windoz-> Hit Enter

Now look in the larger right hand pane-> locate and double click AppInit_DLLs

Under Value-> Remove(Delete)-> repairs302972949.dll

Open the Search Assistant(Click Start>>Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced options

Now under All Files and Folders,enter this into the text box:

repairs302972949.dll

Delete any exact matches

Restart and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again,back to Windows.

Open HijackThis and fix these entrys (if present)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECE0D35-D8F4-43CC-B718-8E40F10469C1}: NameServer = 85.255.113.124,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{19D65FDA-8729-4BD0-A7B9-E3C8EAED5943}: NameServer = 85.255.113.124,85.255.112.15
O20 - AppInit_DLLs: repairs302972949.dll

Next
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the [b]CleanUp! button to start the program.

It may ask you to reboot at the end, if it does go ahead and reboot.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

Andy

Edited by andydf, 20 October 2005 - 12:55 AM.

#7
western14

Posted 20 October 2005 - 07:26 PM

Member

Topic Starter
Member
51 posts

Hi,

when i tried to fix one of the selected items, O20 - AppInit_DLLs: repairs302972949.dll
in the hijack this menu, an error message popped up. i was also unable to change the name back from [b]windoz to windows. here is my log

thanks,
eric

Logfile of HijackThis v1.99.1
Scan saved at 8:25:49 PM, on 10/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...all4110_sp2.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972949.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8
andydf

Posted 21 October 2005 - 05:46 AM

Visiting Staff

Visiting Consultant
1,660 posts

Hi Eric

We need to rename that folder back to windows, boot into safe mode and rename it back if it will allow you too.

Lets try and hit this another way.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under to "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Please rescan with HJT and post a new log along with the spysweeper log in your reply

Andy :tazz:

#9
western14

Posted 25 October 2005 - 07:04 PM

Member

Topic Starter
Member
51 posts

Hi,

I noticed that when i tried to rename it back to windows, there is already a different file named windows there. Maybe that could be the problem. Here are my posts.

********
7:21 PM: | Start of Session, Tuesday, October 25, 2005 |
7:21 PM: Spy Sweeper started
7:21 PM: Sweep initiated using definitions version 561
7:22 PM: Starting Memory Sweep
7:22 PM: Found Adware: surfsidekick
7:22 PM: Detected running threat: C:\WINDOWS\SYSTEM32\repairs302972949.dll (ID = 163735)
7:23 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
7:26 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 163866)
7:27 PM: Memory Sweep Complete, Elapsed Time: 00:04:58
7:27 PM: Starting Registry Sweep
7:27 PM: Found Adware: cws-aboutblank
7:27 PM: HKCR\protocols\filter\text/html\ (1 subtraces) (ID = 114343)
7:27 PM: HKLM\software\classes\protocols\filter\text/html\ (1 subtraces) (ID = 115907)
7:27 PM: Found Adware: flashtrack
7:27 PM: HKCR\clsid\{5edb03af-0341-4e96-9e9b-3171522e4baf}\ (9 subtraces) (ID = 126522)
7:27 PM: HKLM\software\fen\ (7 subtraces) (ID = 126539)
7:27 PM: Found Adware: internetoptimizer
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tcontext\ (2 subtraces) (ID = 128926)
7:27 PM: Found Adware: maxifiles
7:27 PM: HKLM\software\classes\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134851)
7:27 PM: HKLM\software\classes\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134852)
7:27 PM: HKLM\software\classes\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134853)
7:27 PM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
7:27 PM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
7:27 PM: HKCR\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134864)
7:27 PM: HKCR\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134865)
7:27 PM: HKCR\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134866)
7:27 PM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
7:27 PM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
7:27 PM: Found Adware: rapidblaster
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/activeinstaller.dll\ (2 subtraces) (ID = 139221)
7:27 PM: Found Adware: relatedlinks bho
7:27 PM: HKCR\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 subtraces) (ID = 139367)
7:27 PM: HKLM\software\classes\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 subtraces) (ID = 139376)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
7:27 PM: Found Adware: searchtoolbar
7:27 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
7:27 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
7:27 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
7:27 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
7:27 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
7:27 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
7:27 PM: Found Trojan Horse: topconverting downloader
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/conflict.1/website.ocx\ (2 subtraces) (ID = 143811)
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/website.ocx\ (2 subtraces) (ID = 143817)
7:27 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\website.ocx (ID = 143823)
7:27 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\website.ocx (ID = 143831)
7:27 PM: Found Trojan Horse: trojan-backdoor-soundcheck
7:27 PM: HKLM\system\currentcontrolset\services\msdirectx\ (7 subtraces) (ID = 144200)
7:27 PM: Found Adware: winad
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
7:27 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
7:27 PM: Found Adware: personal money tree
7:27 PM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
7:27 PM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
7:27 PM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
7:27 PM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
7:27 PM: Found Adware: quicklink search toolbar
7:27 PM: HKLM\software\classes\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359443)
7:27 PM: HKCR\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359446)
7:27 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)
7:27 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)
7:27 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)
7:27 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)
7:27 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)
7:27 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)
7:27 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)
7:27 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
7:27 PM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
7:27 PM: Found Adware: shopnavupdater
7:27 PM: HKCR\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359486)
7:27 PM: HKCR\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359487)
7:27 PM: HKCR\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359488)
7:27 PM: HKCR\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359489)
7:27 PM: HKCR\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359490)
7:27 PM: HKCR\snb.band\ (5 subtraces) (ID = 359491)
7:27 PM: HKCR\sntb.bottomframe\ (5 subtraces) (ID = 359492)
7:27 PM: HKCR\sntb.leftframe\ (5 subtraces) (ID = 359493)
7:27 PM: HKCR\sntb.popupbrowser\ (5 subtraces) (ID = 359494)
7:27 PM: HKCR\sntb.popupwindow\ (5 subtraces) (ID = 359495)
7:27 PM: HKLM\software\classes\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359496)
7:27 PM: HKLM\software\classes\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359497)
7:27 PM: HKLM\software\classes\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359498)
7:27 PM: HKLM\software\classes\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359499)
7:27 PM: HKLM\software\classes\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359500)
7:27 PM: HKLM\software\classes\snb.band\ (5 subtraces) (ID = 359501)
7:27 PM: HKLM\software\classes\sntb.bottomframe\ (5 subtraces) (ID = 359502)
7:27 PM: HKLM\software\classes\sntb.leftframe\ (5 subtraces) (ID = 359503)
7:27 PM: HKLM\software\classes\sntb.popupbrowser.1\ (3 subtraces) (ID = 359504)
7:27 PM: HKLM\software\classes\sntb.popupbrowser\ (5 subtraces) (ID = 359505)
7:27 PM: HKLM\software\classes\sntb.popupwindow.1\ (3 subtraces) (ID = 359506)
7:27 PM: HKLM\software\classes\sntb.popupwindow\ (5 subtraces) (ID = 359507)
7:27 PM: HKLM\software\classes\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359508)
7:27 PM: HKCR\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359513)
7:27 PM: Found Adware: virtualbouncer
7:27 PM: HKCR\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\ (11 subtraces) (ID = 392235)
7:27 PM: HKLM\software\classes\clsid\{18bbdf4d-611d-41ce-a7e7-b2dd23c250d1}\ (11 subtraces) (ID = 392390)
7:27 PM: HKLM\software\classes\clsid\{8551311d-f3bf-4718-ad66-96e302500735}\ (11 subtraces) (ID = 476604)
7:27 PM: Found Trojan Horse: trojan-downloader-ruin
7:27 PM: HKLM\software\microsoft\windows\currentversion\urls\ (9 subtraces) (ID = 605127)
7:27 PM: Found Adware: dealhelper
7:27 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
7:27 PM: Found Adware: couponage
7:27 PM: HKLM\software\dealsonline\.data\ (4231 subtraces) (ID = 639276)
7:27 PM: HKLM\software\ftk\ (1 subtraces) (ID = 697315)
7:27 PM: Found Adware: ist yoursitebar
7:27 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\ysbactivex.dll (ID = 762453)
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (1 subtraces) (ID = 763026)
7:27 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
7:27 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
7:27 PM: Found Adware: shopathomeselect
7:27 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
7:27 PM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (4 subtraces) (ID = 860940)
7:27 PM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (4 subtraces) (ID = 860969)
7:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ftk\ (2 subtraces) (ID = 887732)
7:27 PM: Found Adware: redzip toolbar
7:27 PM: HKU\WRSS_Profile_S-1-5-21-3646499915-224621903-1653462319-500\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\xbtb07618\ (60 subtraces) (ID = 134858)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
7:27 PM: Found Adware: search fast communicator toolbar
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\searchtoolbar\ (5 subtraces) (ID = 141343)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\surfsidekick3\ (4 subtraces) (ID = 143412)
7:27 PM: Found Trojan Horse: trojan-downloader-wareout
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
7:27 PM: Found Trojan Horse: trojan-downloader-pr-corp
7:27 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\software\classes\clsid\{f33812fb-f35c-4674-90f6-fd757c419c51}\ (3 subtraces) (ID = 725483)
7:27 PM: HKU\S-1-5-18\software\xbtb07618\ (1 subtraces) (ID = 134858)
7:27 PM: Registry Sweep Complete, Elapsed Time:00:00:42
7:27 PM: Starting Cookie Sweep
7:27 PM: Found Spy Cookie: yieldmanager cookie
7:27 PM: eric [email protected][1].txt (ID = 3751)
7:27 PM: Found Spy Cookie: hbmediapro cookie
7:27 PM: eric [email protected][2].txt (ID = 2768)
7:27 PM: Found Spy Cookie: addynamix cookie
7:27 PM: eric [email protected][1].txt (ID = 2062)
7:27 PM: Found Spy Cookie: pointroll cookie
7:27 PM: eric [email protected][2].txt (ID = 3148)
7:27 PM: Found Spy Cookie: belnk cookie
7:27 PM: eric [email protected][2].txt (ID = 2293)
7:27 PM: eric peppers@belnk[1].txt (ID = 2292)
7:27 PM: Found Spy Cookie: contextuads cookie
7:27 PM: eric peppers@contextuads[1].txt (ID = 2461)
7:27 PM: Found Spy Cookie: clickzs cookie
7:27 PM: eric [email protected][2].txt (ID = 2413)
7:27 PM: eric [email protected][2].txt (ID = 2293)
7:27 PM: Found Spy Cookie: 2o7.net cookie
7:27 PM: eric [email protected][2].txt (ID = 1958)
7:27 PM: Found Spy Cookie: clickandtrack cookie
7:27 PM: eric [email protected][1].txt (ID = 2397)
7:27 PM: Found Spy Cookie: kmpads cookie
7:27 PM: eric peppers@kmpads[1].txt (ID = 2909)
7:27 PM: Found Spy Cookie: nextag cookie
7:27 PM: eric peppers@nextag[2].txt (ID = 5014)
7:27 PM: Found Spy Cookie: partypoker cookie
7:27 PM: eric peppers@partypoker[2].txt (ID = 3111)
7:27 PM: eric peppers@yieldmanager[2].txt (ID = 3749)
7:27 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:27 PM: Starting File Sweep
7:28 PM: Found Adware: delfin
7:28 PM: c:\windows\system32\vmss (ID = -2147481116)
7:28 PM: c:\documents and settings\all users\application data\vmss (1 subtraces) (ID = -2147481132)
7:28 PM: c:\documents and settings\all users\application data\picsvr (1 subtraces) (ID = -2147481134)
7:28 PM: Found Trojan Horse: 2nd-thought
7:28 PM: c:\windows\system32\newmsrdk (ID = -2147481534)
7:28 PM: c:\documents and settings\all users\application data\vidctrl (2 subtraces) (ID = -2147477475)
7:28 PM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
7:28 PM: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
7:28 PM: c:\documents and settings\all users\application data\nsv (4 subtraces) (ID = -2147481136)
7:28 PM: Found Adware: abetterinternet
7:28 PM: c:\windows\inst (ID = -2147480086)
7:28 PM: Found Trojan Horse: trojan-backdoor-securemulti
7:28 PM: ssmc.dll (ID = 145560)
7:28 PM: wmv0104.dbd (ID = 57676)
7:28 PM: wmv1215.dbd (ID = 57688)
7:29 PM: repairs302972949.dll (ID = 163735)
7:29 PM: preuninstallql.exe (ID = 131326)
7:29 PM: uninst.exe (ID = 73428)
7:29 PM: sskbho.dll (ID = 163865)
7:29 PM: sskcore.dll (ID = 163866)
7:30 PM: ssk.exe (ID = 163864)
7:30 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
7:30 PM: HKU\S-1-5-21-3646499915-224621903-1653462319-1006\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
7:30 PM: Found Adware: addestroyer
7:30 PM: inneradinstall.log (ID = 49035)
7:30 PM: Found Adware: clkoptimizer
7:30 PM: rncrcnx.dll (ID = 146387)
7:30 PM: nqanaqx.exe (ID = 146385)
7:30 PM: downloader.exe (ID = 164938)
7:30 PM: bundlelite.exe (ID = 166149)
7:30 PM: ql1mn8ao.dll (ID = 157332)
7:30 PM: grinstall7.dll (ID = 161539)
7:30 PM: hvk8tsnk.exe (ID = 157331)
7:31 PM: Found Trojan Horse: trojan downloader matcash
7:31 PM: mc-62-602-0000156.exe (ID = 162542)
7:31 PM: mc-62-602-0000156.exe (ID = 156269)
7:32 PM: bk.exe (ID = 166386)
7:32 PM: ayuau.dat (ID = 146391)
7:33 PM: bp15.exe (ID = 124065)
7:33 PM: grinstall7.dll (ID = 161539)
7:34 PM: grinstall7.dll (ID = 161539)
7:34 PM: Found Adware: elitebar
7:34 PM: proxy_inst[1].exe (ID = 144783)
7:34 PM: grinstall7.dll (ID = 161539)
7:34 PM: qldf.bin (ID = 131688)
7:34 PM: bundlelite.exe (ID = 166149)
7:34 PM: bundlelite.exe (ID = 166149)
7:35 PM: twhyqju2.xml (ID = 57651)
7:35 PM: pmtinstaller.exe (ID = 136427)
7:36 PM: preuninstallpmt.exe (ID = 74822)
7:36 PM: Found Adware: upspiral toolbar
7:36 PM: unist2.exe (ID = 82040)
7:39 PM: twhyqjk2.xml (ID = 57648)
7:40 PM: twhyqju1.xml (ID = 57650)
7:40 PM: sskknwrd.dll (ID = 77733)
7:41 PM: backup-20051019-112139-603.dll (ID = 73425)
7:41 PM: twhyqju.xml (ID = 57649)
7:41 PM: twhyqjk.xml (ID = 57646)
7:43 PM: sskcwrd.dll (ID = 77712)
7:43 PM: Found Adware: isearch desktop search
7:43 PM: deskbar.ini (ID = 64321)
7:43 PM: deskbar.ini (ID = 64321)
7:43 PM: install.inf (ID = 161519)
7:43 PM: birdihuy.dll (ID = 145094)
7:44 PM: File Sweep Complete, Elapsed Time: 00:16:03
7:44 PM: Full Sweep has completed. Elapsed time 00:22:05
7:44 PM: Traces Found: 4919
7:45 PM: Removal process initiated
7:46 PM: Quarantining All Traces: abetterinternet
7:46 PM: Quarantining All Traces: elitebar
7:46 PM: Quarantining All Traces: 2nd-thought
7:46 PM: Quarantining All Traces: clkoptimizer
7:46 PM: Quarantining All Traces: cws-aboutblank
7:46 PM: Quarantining All Traces: topconverting downloader
7:46 PM: Quarantining All Traces: trojan downloader matcash
7:46 PM: Quarantining All Traces: trojan-backdoor-securemulti
7:46 PM: Quarantining All Traces: trojan-backdoor-soundcheck
7:46 PM: Quarantining All Traces: trojan-downloader-pr-corp
7:46 PM: Quarantining All Traces: trojan-downloader-ruin
7:46 PM: Quarantining All Traces: trojan-downloader-wareout
7:46 PM: Quarantining All Traces: addestroyer
7:46 PM: Quarantining All Traces: couponage
7:46 PM: Quarantining All Traces: dealhelper
7:46 PM: Quarantining All Traces: delfin
7:46 PM: Quarantining All Traces: flashtrack
7:46 PM: Quarantining All Traces: internetoptimizer
7:46 PM: Quarantining All Traces: isearch desktop search
7:46 PM: Quarantining All Traces: ist yoursitebar
7:46 PM: Quarantining All Traces: maxifiles
7:46 PM: Quarantining All Traces: personal money tree
7:46 PM: Quarantining All Traces: quicklink search toolbar
7:46 PM: Quarantining All Traces: rapidblaster
7:46 PM: Quarantining All Traces: redzip toolbar
7:46 PM: Quarantining All Traces: relatedlinks bho
7:46 PM: Quarantining All Traces: search fast communicator toolbar
7:46 PM: Quarantining All Traces: searchtoolbar
7:46 PM: Quarantining All Traces: shopathomeselect
7:46 PM: Quarantining All Traces: shopnavupdater
7:46 PM: Quarantining All Traces: surfsidekick
7:47 PM: surfsidekick is in use. It will be removed on reboot.
7:47 PM: c:\program files\surfsidekick 3 is in use. It will be removed on reboot.
7:47 PM: repairs302972949.dll is in use. It will be removed on reboot.
7:47 PM: sskbho.dll is in use. It will be removed on reboot.
7:47 PM: sskcore.dll is in use. It will be removed on reboot.
7:47 PM: ssk.exe is in use. It will be removed on reboot.
7:47 PM: C:\WINDOWS\SYSTEM32\repairs302972949.dll is in use. It will be removed on reboot.
7:47 PM: C:\Program Files\SurfSideKick 3\SskBho.dll is in use. It will be removed on reboot.
7:47 PM: C:\Program Files\SurfSideKick 3\SskCore.dll is in use. It will be removed on reboot.
7:47 PM: Quarantining All Traces: upspiral toolbar
7:47 PM: Quarantining All Traces: virtualbouncer
7:47 PM: Quarantining All Traces: winad
7:47 PM: Quarantining All Traces: 2o7.net cookie
7:47 PM: Quarantining All Traces: addynamix cookie
7:47 PM: Quarantining All Traces: belnk cookie
7:47 PM: Quarantining All Traces: clickandtrack cookie
7:47 PM: Quarantining All Traces: clickzs cookie
7:47 PM: Quarantining All Traces: contextuads cookie
7:47 PM: Quarantining All Traces: hbmediapro cookie
7:47 PM: Quarantining All Traces: kmpads cookie
7:47 PM: Quarantining All Traces: nextag cookie
7:47 PM: Quarantining All Traces: partypoker cookie
7:47 PM: Quarantining All Traces: pointroll cookie
7:47 PM: Quarantining All Traces: yieldmanager cookie
7:47 PM: Warning: Timed out waiting for explorer.exe
7:47 PM: Warning: Timed out waiting for explorer.exe
7:47 PM: Warning: Timed out waiting for explorer.exe
7:47 PM: Warning: Quarantine process could not restart Explorer.
7:50 PM: Removal process completed. Elapsed time 00:04:31
********
7:20 PM: | Start of Session, Tuesday, October 25, 2005 |
7:20 PM: Spy Sweeper started
7:21 PM: Your spyware definitions have been updated.
7:21 PM: | End of Session, Tuesday, October 25, 2005 |

Logfile of HijackThis v1.99.1
Scan saved at 8:04:28 PM, on 10/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...all4110_sp2.cab
O20 - AppInit_DLLs: repairs302972949.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10
andydf

Posted 26 October 2005 - 01:10 PM

Visiting Staff

Visiting Consultant
1,660 posts

When you open Reglite in safe mode and paste the line.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

What folder is highlighted? is it the Windows folder or the Windoz folder?

Andy :tazz:

#11
western14

Posted 28 October 2005 - 08:06 AM

Member

Topic Starter
Member
51 posts

Hi,

It highlights the Windows file, but the windows file doesnt have everything that the windoz file has.

thanks,
Eric

#12
andydf

Posted 28 October 2005 - 11:58 AM

Visiting Staff

Visiting Consultant
1,660 posts

Ok, which one of the folders contains the file repairs302972949.dll, and are you able to follow the instuctions in post 6 to delete it?

Also can I see a current HJT log.

Thanks

Andy :tazz:

#13
Michelle

Posted 29 October 2005 - 12:45 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Hello western14 :tazz:

Will you please do this for us?

Go to Start > Run. Paste the following line into the box:

regedit /e c:\windoz.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windoz"

Click OK.

Please do the same for this line:

regedit /e c:\windows.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"

Click OK.

Open Windows Explorer (right-click the Start button and go to Explore), then navigate to these files:

C:\windows.txt
C:\windoz.txt

Please paste the contents of both files into your next reply.

Thanks!

#14
western14

Posted 30 October 2005 - 01:27 PM

Member

Topic Starter
Member
51 posts

Hi,

Here is what is inside of those folders. Thanks

Eric

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windoz]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="repairs302972949.dll"

Logfile of HijackThis v1.99.1
Scan saved at 1:25:54 PM, on 10/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...all4110_sp2.cab
O20 - AppInit_DLLs: repairs302972949.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: Adobe Acrobat 5.0 - {BB02D600-86DF-6C80-2CE6-5654267939DA} - c:\program files\adobe\acrobat 5.0\reader\wcimt32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#15
Michelle

Posted 30 October 2005 - 07:37 PM

Malware Removal Goddess

Retired Staff
8,928 posts

First, set your system to SHOW HIDDEN FILES if you have not already done so.

Then, please download fixme.zip from here:

fixme.zip 345bytes 124 downloads

Unzip it to your desktop. Don't do anything with it yet.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode then hit enter. (log in under your user account, not administrator)

Open Windows Explorer (right-click the Start button and go to Explore) and navigate to the following folder:

C:\Windows\system32

Inside that folder there will probably be a file called:

repairs302972949.dll

Don't do anything with it, just keep Windows Explorer open so you can see the file.

Go into the unzipped fixme folder and double-click fixme.reg and when asked if you want to merge with the registry click YES. Then immediately delete the repairs302972949.dll file out of the system32 folder. Reboot into normal mode.

Please let me know if you run into any problems with this, if you can not locate that file, then skip that part and just double-click fixme.reg and allow it to merge with the registry.