Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hacktool.Rootkit help please [CLOSED]

Started by joeyryan , Oct 23 2005 01:28 PM

This topic is locked

#46
joeyryan

Posted 01 November 2005 - 04:51 AM

Member

Topic Starter
Member
45 posts

Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\i37.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_1895.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_19BD.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_1D00.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_2DDC.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_2F5D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_2FE0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3166.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_31CC.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_343A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3454.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_35D6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3668.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_36D2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3758.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3790.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_385.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_38C9.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3984.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3994.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_39B3.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3B1B.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3C05.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3CA1.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3CD0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_3D9B.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_40C8.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4183.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_41B2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4403.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4491.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_44CF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_450E.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4905.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4992.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4C12.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4D3B.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4D9E.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_4FEB.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5162.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_51CF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_522D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_56E0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5980.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5B35.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5BAC.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5BFA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5CB6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5D91.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5E04.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5E62.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_5FE2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6050.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_614A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6198.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_61DD.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_631F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6325.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_63BB.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_648C.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_64A5.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_653D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_65C6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_65D4.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_666A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_670D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_686E.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_68F1.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6A81.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6A97.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6BDF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6E89.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_6F64.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_7034.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_710F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_72BF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_7416.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_7474.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_778.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_78C.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_7C79.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_7FE4.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8193.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_81A3.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_828D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8414.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8950.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8973.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8A00.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8B19.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8B7F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8BA6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8E31.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_8F30.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_94BE.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_95B8.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_97F6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9867.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9948.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9980.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_999F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_99EE.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9C01.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9D59.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9DD6.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9E2B.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9EEF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_9FBA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_A102.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_A185.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_A4CB.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_A994.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AA1A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AA59.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_ABC0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_ACC0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_ACDA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AD57.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AD9C.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AF81.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_AFBF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_B100.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_B1EA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_B440.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_B7C2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_BE3D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_BEAA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_C46.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_C738.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_C829.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_CFA4.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_E92A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_EA85.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_EAEA.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_F817.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_FC0B.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\k_FEA.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\U2F.tmp
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Joey\Local Settings\Temp\xx.html
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Joey\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\freeprodtb.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-58-12-0000166.exe
Adware:Adware/Popper No disinfected C:\WINDOWS\nenmxvf.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\comdlg32.exe
Adware:Adware/BigTrafficNet No disinfected C:\WINDOWS\system32\nsm556.dll
Virus:Trj/Downloader.FDU Disinfected C:\WINDOWS\system32\vidmon\vidmon.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Temp\k_145F.tmp
Adware:Adware/Popper No disinfected C:\WINDOWS\xjjedgu.exe

#47
joeyryan

Posted 01 November 2005 - 04:53 AM

Member

Topic Starter
Member
45 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:37:54 AM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#48
andydf

Posted 01 November 2005 - 01:17 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hello Joeyryan

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1.
First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Click This link for further help.

2.
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, if it does go ahead and reboot.

3.
Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\PROGRAM FILES\COMMON FILES\system32.dll
C:\Documents and Settings\Joey\mc-110-12-0000166.exe
C:\Program Files\Common Files\Download\freeprodtb.exe
C:\Program Files\Common Files\Download\mc-110-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-110-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-58-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-59-627-0000166.exe
C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe
C:\Program Files\Common Files\system32.dll
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
C:\WINDOWS\mc-110-12-0000166.exe
C:\WINDOWS\mc-58-12-0000166.exe
C:\WINDOWS\nenmxvf.exe
C:\WINDOWS\system32\comdlg32.exe
C:\WINDOWS\system32\nsm556.dll
C:\WINDOWS\xjjedgu.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

4.
After the reboot.

Use windows search facility to find and delete the following.

C:\WINDOWS\SYSTEM32\Searchx.htm <---delete this file
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs <---delete this file
C:\Documents and Settings\Joey\Favorites\1111 <---delete this file
C:\Documents and Settings\Joey\Favorites\Casino & Carrers <---delete this file

5.
Please run the active scan again and post the results for me to see.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

Andy

#49
joeyryan

Posted 02 November 2005 - 03:11 AM

Member

Topic Starter
Member
45 posts

Incident Status Location

Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/elitebar No disinfected C:\Documents and Settings\Joey\Favorites\Finances & Business
Spyware:spyware/betterinet No disinfected Windows Registry
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-17a50a3f.zip[InstallerApplet.class]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Joey\Desktop\aimfix_quarantine\19943_services32.exe.bak
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Joey\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\freeprodtb.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-58-12-0000166.exe
Adware:Adware/Popper No disinfected C:\WINDOWS\nenmxvf.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\comdlg32.exe
Adware:Adware/BigTrafficNet No disinfected C:\WINDOWS\system32\nsm556.dll
Adware:Adware/Popper No disinfected C:\WINDOWS\xjjedgu.exe

#50
joeyryan

Posted 02 November 2005 - 03:12 AM

Member

Topic Starter
Member
45 posts

Logfile of HijackThis v1.99.1
Scan saved at 1:12:10 AM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#51
andydf

Posted 02 November 2005 - 02:39 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hello joeyryan

Lets try and hit these with Killbox again

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\PROGRAM FILES\COMMON FILES\InetGet
C:\Documents and Settings\Joey\Favorites\Finances & Business
C:\Documents and Settings\Joey\mc-110-12-0000166.exe
C:\Program Files\Common Files\Download\freeprodtb.exe
C:\Program Files\Common Files\Download\mc-110-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-110-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-58-12-0000166.exe
C:\Program Files\Common Files\InetGet\mc-59-627-0000166.exe
C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
C:\WINDOWS\mc-110-12-0000166.exe
C:\WINDOWS\mc-58-12-0000166.exe
C:\WINDOWS\nenmxvf.exe
C:\WINDOWS\system32\comdlg32.exe
C:\WINDOWS\system32\nsm556.dll
C:\WINDOWS\xjjedgu.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After the reboot

I see you already have Ad-Aware installed, please make sure it is the latest version, then follow the instructions below.

Run Ad-Aware with the latest update.

Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Once the definitions have been updated:
Reconfigure Ad-Aware for Full Scan as per the following instructions:
- Launch the program, and click on the Gear at the top of the start screen.
- Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
  - "Automatically save logfile"
  - Automatically quarantine objects prior to removal"
  - Safe Mode (always request confirmation)
  - Prompt to update outdated confirmation) - Change to 7 days.
- Click the "Scanning" button (On the left side).
- Under Drives & Folders, select "Scan within Archives"
- Click "Click here to select Drives + folders" and select your installed hard drives.
- Under Memory & Registry, select all options.
- Click the "Advanced" button (On the left hand side).
- Under "Shell Integration", select "Move deleted files to Recycle Bin".
- Under "Log-file detail", select all options.
- Click on the "Defaults" button on the left.
- Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
- Click the "Tweak" button (Again, on the left hand side).
- Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
  - "Unload recognized processes during scanning."
  - "Obtain command line of scanned processes"
  - "Scan registry for all users instead of current user only"
- Under "Cleaning Engine", select the following:
  - "Automatically try to unregister objects prior to deletion."
  - "During removal, unload explorer and IE if necessary"
  - "Let Windows remove files in use at next reboot."
  - "Delete quarrantined objects after restoring"
- Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
- Click on "Proceed" to save these Preferences.
- Click on the "Scan Now" button on the left.
- Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
Close all programs except ad-aware.
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Plug-Ins for Ad-Aware (VX2 Cleaner)

*Close Ad-Aware, if it is currently open.

* Download the VX2 Cleaner 2.0 Plug-in Here.

* After installing, restart Ad-Aware before running the VX2 Cleaner.

*Using VX2 Cleaner 2.0

*NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.

*If you have already attempted to remove VX2 with Ad-Aware, do the following:

* Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.

* Run the VX2 Cleaner. If you computer is infected with VX2, a dialog box with text such as “New VX2 variant found” or “VX2 variant 1 found” will appear.

* Press "Clean" and a dialog box with text “The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.

* Repeat this until the VX2 Cleaner reports "System clean". Press "Close” to exit.

* Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.

Manually download Latest definition file: Here
Please Note Version SE Build 1.06 is now available! This download is for use with Ad-Aware SE versions only.
Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
You can also use the webupdate component implemented in Ad-Aware to install this update.

Please rescan with HJT and post a fresh log, and if possible please run the active scan one last time (hopefully)

Andy

#52
joeyryan

Posted 03 November 2005 - 04:42 AM

Member

Topic Starter
Member
45 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:41:48 AM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#53
andydf

Posted 03 November 2005 - 01:51 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hello Joeyryan

Please open HJT and scan, place a check next to the following entry.

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab

Now close all windows other than HiJackThis, then click Fix Checked.

Apart from this your log looks clean

My fault for not asking but what was the result from the last active scan?

How is your system running now, any problems?

Can you tell me what version of norton you are using? From your uninstall list it is 2002, also have you got a firewall installed? I don't see one in your log.

Andy :tazz:

#54
joeyryan

Posted 04 November 2005 - 05:08 PM

Member

Topic Starter
Member
45 posts

Active Scan

Incident Status Location

Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/elitebar No disinfected C:\Documents and Settings\Joey\Favorites\Finances & Business
Spyware:spyware/betterinet No disinfected Windows Registry
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Joey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-17a50a3f.zip[InstallerApplet.class]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Joey\Desktop\aimfix_quarantine\19943_services32.exe.bak
Virus:Trj/ProcKill.K Disinfected C:\Documents and Settings\Joey\Desktop\aimfix_quarantine\19956_xz.bat.bak
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Joey\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\freeprodtb.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Download\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-62-602-0000156.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-110-12-0000166.exe
Adware:Adware/Maxifiles No disinfected C:\WINDOWS\mc-58-12-0000166.exe
Adware:Adware/Popper No disinfected C:\WINDOWS\nenmxvf.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\comdlg32.exe
Adware:Adware/BigTrafficNet No disinfected C:\WINDOWS\system32\nsm556.dll
Adware:Adware/Popper No disinfected C:\WINDOWS\xjjedgu.exe

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 3:07:24 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

The computer runs fine, but I still get a Virus warning when I run a scan saying the Hacktool.Rootkit is still in my system.

#55
andydf

Posted 06 November 2005 - 09:11 AM

Visiting Staff

Visiting Consultant
1,660 posts

Hi joeyryan

Please follow the instructions below.

Step #1 - Create a New Restore Point

Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.

Step #2 - Flush All Previous Points

Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.

Step #3 - Lets give Spysweeper another run, please follow the instructions below.

Open SpySweeper

click "Options" on the left.
click the "Update Definitions" button.
After the defintions are updated, under Options still, click "Sweep Options".
- Put a check next to "Sweep Contents of Compressed Files"
- Put a check next to "Sweep for Rootkits".
Click the "Results" button on the left and click "Session Log".
Click the "Clear Session History" button.
Click the "Sweep" button on the left and click "Start" let it scan, remove everything it finds, then please post the log as you did last time.

Andy

#56
joeyryan

Posted 08 November 2005 - 11:20 AM

Member

Topic Starter
Member
45 posts

********
2:29 AM: | Start of Session, Tuesday, November 08, 2005 |
2:29 AM: Spy Sweeper started
2:29 AM: Sweep initiated using definitions version 569
2:29 AM: Starting File Sweep
2:29 AM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by another process
2:29 AM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
2:31 AM: Warning: Failed to open file "c:\documents and settings\joey\msdirectx.sys". Access is denied
2:31 AM: Warning: Failed to open file "c:\documents and settings\joey\ntuser.dat". The process cannot access the file because it is being used by another process
2:31 AM: Warning: Failed to open file "c:\documents and settings\joey\ntuser.dat.log". The process cannot access the file because it is being used by another process
2:31 AM: Warning: Failed to open file "c:\documents and settings\joey\application data\mozilla\firefox\profiles\0499y0vn.default\parent.lock". The process cannot access the file because it is being used by another process
2:32 AM: Warning: Failed to open file "c:\documents and settings\joey\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
2:32 AM: Warning: Failed to open file "c:\documents and settings\joey\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs037afbf1-296f-41cb-834f-32ca76debdf0.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0aff978e-3287-4b7c-ab55-c07e890fdfd9.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0b98756b-8655-4b65-a5cb-c30236dea3d1.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0cc11986-0f85-4ed5-9e3a-57f8f2930b41.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d4cb49e-efdc-4bc4-8c06-77f2b85d75bf.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d7452f4-8700-4172-9d2e-41ec38bbeae7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0f242c67-b081-4db4-af14-7bba9ed0b653.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs11c866c3-5191-4340-b2d4-3c5c1ed05db5.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs123b85bf-4aca-4f42-a268-7d359a380ff1.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14396909-6dfa-45f8-ad4a-835bcd27da6e.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14a9bf4f-30bf-450c-a34f-73f93d632174.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14babd27-0c76-4874-8765-c4342ed877c5.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs162e604a-7850-479d-9278-598788960c7c.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1830a848-1fe5-4859-8c01-c5fddb4ea968.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs183d54d6-cda5-49b2-9fbb-da23d6a2f23e.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19235a67-d600-42de-9fcc-ac2cfc8491d1.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1a8e7a90-0710-4490-a58c-4f8aeb585567.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b606a6e-4733-48b6-99e7-081d99974a33.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1e0d09f1-ac72-4a68-b574-fc4b1b16d700.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs210472eb-cc13-4e29-b3c3-60c26da48562.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs21ade7ef-21a7-436a-b548-b2b4aa103e4d.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs244c8c68-6fe6-4016-b0fd-52a8247f574b.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2770d01c-4e32-4c1f-80a0-8998ac9b851b.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2cb00550-84dd-4270-bf5e-d3601a9157f5.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2d4f62a5-080d-492a-81f2-54a816d32cd7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2ebb4bb6-1771-4da5-9375-7e0d82d8a9c7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs332c84f9-3bf6-41ad-8867-fc75263430ac.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs367084aa-7711-40cb-96a7-c22b87be89ae.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3832cb00-b296-4c86-bf68-155c1beedcd0.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3aec36cd-8941-4fea-835f-3e73dbeb631e.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3e0c76b6-0861-43ef-add9-799cd92706fd.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs40b79c57-faa0-4deb-b49d-eac3db48b26a.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4226e0d0-838f-4486-9117-e58d527c915b.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs447150b6-4b0d-4467-8b79-063b035dfced.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44b06fb7-5bac-49ee-ad39-735258c37515.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs48225d9c-09bc-49b8-9e79-be57acee1e81.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4b21887d-87b6-4253-8e83-6760d1d4c9e3.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4da40cba-1789-4cdc-8ae6-d8c4accdb25e.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ed42805-cabe-4274-a491-ec570c976355.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs556a000e-ebb1-48a4-bd96-1dfef9bad5ed.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57d6cce0-bb8d-4aad-a1af-897b82ffe288.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5839f14d-3e9e-4d6f-a096-08413edf52e5.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs58838e33-3ab7-40c5-b8ff-e548d088c9eb.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5a648e5c-15e4-45b6-9aa4-1321a22156dc.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c9543c7-5bf5-4d92-aa84-bc6df601f083.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ff5aa48-ee33-4e63-b7ff-bfef4396b45e.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs60f703e2-7a0c-4019-b9a4-6f037ed9f9b6.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs64504079-343b-4f83-ab2d-b4f5f6d81001.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6dfd4004-8e4f-4c3f-8161-f686452f6e27.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6e495276-a1d7-4857-ab92-42adb4c9c723.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70b39a63-d642-4053-b970-a005a6e0d5a9.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7adda9b0-ad10-437c-a8b4-5e965cf5d7b4.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7b5436b8-afe8-48cb-b3ba-3d0a43511ac9.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7d6746b7-92e0-473e-ae1d-42173cf82e32.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7e578545-062c-4e85-8aa3-9ccfddf4d439.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs85f830d9-cf6c-4593-8896-cd7e22258fb7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs89108d6b-6981-4139-b8d7-9fe345f338de.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs89a23851-006c-45ae-96e2-c627ccb873bb.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8ee6708a-e9a2-471d-bf63-31dad8260a85.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8fdc153f-abf2-44d6-96fb-bf876192aa55.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs918158ea-2957-4a9a-ab7f-e944de874e4d.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs93d6daea-2042-47bc-9b57-f7d0b3fa03d0.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs977fbb19-0f76-430f-8f3b-be1ca89d1b02.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs991ee066-4a23-411b-bf6e-fb6f944b12a5.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9af85be1-b9f6-4bb0-a70e-963357b2513b.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b10424c-d11c-4fa0-8f6d-aacd0f4974e4.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa6db51b3-7298-4809-9452-33b543319025.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa73467cd-287f-4574-9796-32a23d5ceac8.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa85239a7-7319-4546-a293-83b5a469deea.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa939090b-0971-4e66-87a3-efbb97d42d21.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa997e6e2-a69a-4ffc-bd05-ee9ff6c5d825.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsac4adbdd-3224-4fd4-b528-7869322b1703.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsad5a883e-78c3-41cf-8c28-f9046e9f6bc9.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb907b176-1546-40b0-9e6d-b59eedc2c050.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsba48e0b5-ca2e-4437-b516-d8cdc44af6bf.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbaeb4ec4-b0e6-4392-a5a0-b97001274acd.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbcafa256-da91-436a-ad7c-c7ac200b34d7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbdad4d5c-e6d6-4b3d-bb55-32f5ae277880.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc2869725-3d40-4b42-aaa3-b8d4a0a97bcb.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc4896cff-b020-42e4-bd05-634052687cb3.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc49aa436-e004-4f24-87d7-211f7208f81d.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc5e66eb3-0e83-4fe1-b109-d147f1329532.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc8400ce8-e1a3-470e-8f30-201f18e5c9cc.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc928de6c-4ff3-4186-b95d-2c3fa160fe4d.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscac83ed2-a9f4-4005-a772-ae1513156dd6.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscde11061-7967-4a60-9850-3bcb85987437.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd1e85621-83b3-41f3-aa2b-cf88cd71693a.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd5cb7112-7ce0-455b-9acb-196cc0a92a54.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd68b7be1-898d-4201-9585-a2e9d3efe0f7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd77df871-d19b-4b5f-9e64-f2976d180ca2.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdb6bf225-57fb-4d0d-b0dd-02806dd53f60.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse17de75c-2e3b-4d35-898a-27e8f21bf8f7.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse3591377-7429-4e8c-9ab7-c3e1da419554.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse44734a1-c1ab-4978-8fde-9b3cbb53ce4a.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse7306c28-5705-4b6f-8b91-be295544144a.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse76416a1-64e4-4e69-afaa-d55fa612b58c.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse77f44e4-ed1d-402c-9825-48355cb89492.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse7c3413a-6d71-485e-828e-631f8cab574b.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf4661737-221f-4826-b151-87cb29d95d70.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf58a7a27-1e63-43bf-ab36-a6a4e735a8cb.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa67d39b-036e-45cc-9afe-84662a49ee79.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfd0ac3d8-1e33-4a1c-9832-4e4df484142f.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfe647cb2-da66-413b-850d-b9f2629bc649.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff2d527d-1254-44d7-9d02-888a74621be3.tmp". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
2:33 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
2:33 AM: Found Trojan Horse: trojan downloader matcash
2:33 AM: 19943_services32.exe.bak (ID = 184143)
2:35 AM: c:\program files\common files\inetget (5 subtraces) (ID = -2147477182)
2:35 AM: c:\program files\common files\inetget2 (3 subtraces) (ID = -2147471395)
2:35 AM: mc-110-12-0000166.exe (ID = 184140)
2:35 AM: mc-110-12-0000166.exe (ID = 184141)
2:35 AM: mc-58-12-0000166.exe (ID = 184141)
2:35 AM: mc-59-627-0000166.exe (ID = 184141)
2:35 AM: mc-62-602-0000156.exe (ID = 184141)
2:35 AM: mc-58-12-0000166.exe (ID = 184141)
2:35 AM: mc-59-627-0000166.exe (ID = 184141)
2:35 AM: mc-62-602-0000156.exe (ID = 184141)
2:36 AM: Found Trojan Horse: trojan-backdoor-surila
2:36 AM: webhost2.exe (ID = 184175)
2:39 AM: Found Trojan Horse: fu rootkit components
2:39 AM: a0029637.sys (ID = 134168)
2:41 AM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{8a70ddd7-1508-41cf-96f5-d70435346b4a}.bin". The process cannot access the file because it is being used by another process
2:41 AM: Found Adware: ezula ilookup
2:41 AM: nsv14.dll (ID = 180772)
2:42 AM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
2:42 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
2:43 AM: File Sweep Complete, Elapsed Time: 00:13:42
2:43 AM: Full Sweep has completed. Elapsed time 00:13:42
2:43 AM: Traces Found: 22
9:18 AM: Removal process initiated
9:19 AM: Quarantining All Traces: trojan downloader matcash
9:19 AM: Quarantining All Traces: trojan-backdoor-surila
9:19 AM: Quarantining All Traces: fu rootkit components
9:19 AM: Quarantining All Traces: ezula ilookup
9:19 AM: Removal process completed. Elapsed time 00:00:16
********
2:29 AM: | Start of Session, Tuesday, November 08, 2005 |
2:29 AM: Spy Sweeper started
2:29 AM: | End of Session, Tuesday, November 08, 2005 |

#57
andydf

Posted 08 November 2005 - 02:02 PM

Visiting Staff

Visiting Consultant
1,660 posts

Hi Joeyryan

Are you still getting the warnings from norton?

Can you tell me what version of norton you are using? From your uninstall list it is 2002, also have you got a firewall installed? I don't see one in your log.

Andy :tazz:

#58
joeyryan

Posted 08 November 2005 - 11:04 PM

Member

Topic Starter
Member
45 posts

My bad...

It's Norton 2002 and I have no idea if I have a firewall installed. And yes, the Virus Warning still comes up, although the cpu works great.

#59
andydf

Posted 09 November 2005 - 01:58 PM

Visiting Staff

Visiting Consultant
1,660 posts

OK

Norton 2002 is a long way out of date and is probably not protecting your PC as well as an up to date AV.
I strongly suggest you update to a newer version of norton (if you like Norton), if you do not wish to pay for a new AV there are a few very highly recommended free versions around.
It is also vital that you have a firewall set up and running, there are also free versions of these available as well. Without either of these you are wide open to re-infection, please click the link below where there is a selection of free AV and firewall programs.
Click here

If you decide to install one of the free AV's please be sure to uninstall norton first, it is not recommended to run two AV's at the same time.

Surfing the internet without a firewall is very risky, a firewall will monitor all incoming and out going traffic on your system while your connected to the internet. It will also ask you every time an application wants to connect to the internet, you have the choice to allow or deny it having access and it can be configured to remember your answer.

As a recommendation, AVG and Sygate would be myl choice but it is down to personal preference at the end of the day.

Please get a firewall and up to date AV installed, after which we will continue with your problems.

Andy :tazz:

#60
andydf

Posted 23 November 2005 - 03:41 PM

Visiting Staff

Visiting Consultant
1,660 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.