Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktop, Browser hijacked [CLOSED]

Started by eugenec , Dec 26 2005 12:48 PM

  • This topic is locked This topic is locked

#1
eugenec
Posted 26 December 2005 - 12:48 PM

eugenec

    New Member

  • Member
  • Pip
  • 8 posts
Merry Christmas! I got a nice gift on my PC. I got infected...not sure how. First I had that black screen on my desktop telling me i was infected and now my desktop is white but seems "active" somehow. Lots of other wierd symptoms including reduced speed, IE takes forever to load, etc...

I followed all directions from the sticky and still have problems. Here is my Ewido log followed by my Hijack this Log. Please help! and thanks.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:32:51 PM, 12/26/2005
+ Report-Checksum: F0D0A9E2

+ Scan result:

[1788] C:\WINDOWS\d3jr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iepx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\iera.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipdi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ipmo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javahg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javakv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\javanv32.dll -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javasx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\KB890923.log:stqmz -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB904706.log:hoosp -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\KB904706.log:piwmn -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mdm.ini:myrkl -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcku32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mfcmm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mfcna32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mfcsj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\mslg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msqx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msxf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msyg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\msyp.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netqf.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netqt32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netvb32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netvv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\netyf.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\NSREX.INI:wjucr -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntap32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntfi32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\nthd32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntii.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntlg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntmv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\n_rkpwtp.log -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_vufbht.log -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_zwmqtz.dat -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkib.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkip.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdksj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkub.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkvf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sdkvp32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysbg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysji.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysjk.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addag.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\adddx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addfi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addgg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addhh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addjt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addng32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\addvh32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apiee32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apiiy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apijn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apinn.dll -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appce.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\appfn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\appwx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\appzx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crat.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\criv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crlj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3am.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3cl.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3di.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3et32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3qi32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\d3wn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ieoi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipau.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipfl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipfn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipkb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipqp.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipwb32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javajr.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javams.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javaql32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javavu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javazz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcat32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcfr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcmc.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcmw32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcyz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msag.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msbd32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msbm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msfo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msfr.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msgl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msnq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msrk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mstw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\nethu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netjs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netkz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netmj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netsm.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netzt32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntgi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkdp32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdklx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysey.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysnc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\systs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysvd32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysze32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wingm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winjg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winqq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winwl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winxa32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winzm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winzt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\windy.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\wingf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winpd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winxr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\_default.pif:jvnvr -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__addrj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__atljg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__wintc.dll:nonwx -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__wintc.dll:stuja -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\__delete_on_reboot__wintc.dll:stuja -> Downloader.Agent.td : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 1:41:44 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\d3ea.exe
C:\WINDOWS\d3tw.exe
C:\New Folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {003156AA-B2AD-54C8-CF6D-1C992B937149} - C:\WINDOWS\system32\apifd.dll (file missing)
O2 - BHO: Class - {008A49EF-1F4A-59F9-2873-E623FDFB2AEC} - C:\WINDOWS\system32\javayd.dll
O2 - BHO: Class - {01EB6314-2088-7180-0D75-C69CAD5AE4F9} - C:\WINDOWS\d3nd32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09207CE5-BD48-226E-8BA1-3964BEC3C523} - C:\WINDOWS\addzf32.dll
O2 - BHO: Class - {0DA5C488-C148-5DF5-F52E-033E83A175DF} - C:\WINDOWS\system32\crom32.dll (file missing)
O2 - BHO: (no name) - {0E37D9E0-99E3-DA14-3197-60132338963E} - (no file)
O2 - BHO: Class - {0FD1DEEA-1A6E-D2A8-546F-C5B4E5E41E0C} - C:\WINDOWS\sdkkt32.dll
O2 - BHO: Class - {10EDACBE-902A-F6FD-A7D9-7D96FA804409} - C:\WINDOWS\ipkt.dll (file missing)
O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipcg32.dll (file missing)
O2 - BHO: Class - {1726BB1C-92AA-0B00-1211-47F4A3A3EEA0} - C:\WINDOWS\system32\apinn.dll (file missing)
O2 - BHO: Class - {19B907F0-A6CA-BB49-9C14-FD51E9541ECD} - C:\WINDOWS\d3iu32.dll
O2 - BHO: Class - {1A0D767B-0C24-CB78-0876-5F7AEE9294F4} - C:\WINDOWS\winnv.dll (file missing)
O2 - BHO: Class - {1A0FFA7F-AF83-32A4-6BFE-310DEFEF30F1} - C:\WINDOWS\system32\appvx.dll
O2 - BHO: Class - {1A478816-E063-0971-D763-1BABBFD87872} - C:\WINDOWS\sdkum.dll (file missing)
O2 - BHO: Class - {1B9B2567-FD79-0929-AF30-27C5089B29FE} - C:\WINDOWS\atlcn32.dll
O2 - BHO: Class - {1D3E2C15-0CF2-F9E2-738A-4E2A38D1C765} - C:\WINDOWS\system32\sdkzw.dll (file missing)
O2 - BHO: Class - {1F173960-3D10-16D5-6F3D-C432F9BF8003} - C:\WINDOWS\system32\addnj.dll (file missing)
O2 - BHO: Class - {2033AF1C-D520-7182-0C22-FB9A711BC872} - C:\WINDOWS\iekh32.dll
O2 - BHO: Class - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\WINDOWS\system32\appnu.dll
O2 - BHO: Class - {21F23978-8321-FD49-E116-F0410CF19A8A} - C:\WINDOWS\addbd32.dll
O2 - BHO: Class - {2292BD18-3B6B-01F7-6D6E-CA1A2CB8FE64} - C:\WINDOWS\netfb.dll (file missing)
O2 - BHO: Class - {22E10E8A-E8F9-EB27-24CE-13EDC6759784} - C:\WINDOWS\javayf32.dll (file missing)
O2 - BHO: Class - {2346EC13-9103-21E8-08CC-3B6A16FB3208} - C:\WINDOWS\system32\ntlq32.dll (file missing)
O2 - BHO: Class - {236CA94F-3393-2D7A-CDB1-7118197846E2} - C:\WINDOWS\mssn32.dll (file missing)
O2 - BHO: Class - {249CC0A1-9ABC-B843-D795-80061B76632D} - C:\WINDOWS\system32\mfcjx32.dll
O2 - BHO: Class - {24C595AC-D914-BDA8-E0FE-1EC427E42B62} - C:\WINDOWS\system32\ipfi.dll (file missing)
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javanv32.dll (file missing)
O2 - BHO: Class - {26A0B324-E4D4-A257-7964-D0D492A800DD} - C:\WINDOWS\system32\netbw.dll
O2 - BHO: Class - {2843EAF5-2D17-7153-2C7F-01C2A8D2B7F0} - C:\WINDOWS\system32\mskq32.dll (file missing)
O2 - BHO: Class - {2B7CDB2C-16B5-286B-C7F1-C5C80397E087} - C:\WINDOWS\system32\apimj.dll (file missing)
O2 - BHO: Class - {2FF6CD4C-C873-B6D0-7071-0D3C44B04E0E} - C:\WINDOWS\system32\ntuw.dll
O2 - BHO: Class - {33A44762-FECF-1651-1758-359F5E8ADCCA} - C:\WINDOWS\wintv32.dll
O2 - BHO: Class - {36A6AA52-3A7A-4FD9-7FEC-8EF0D4ABCAD1} - C:\WINDOWS\system32\mfchh.dll
O2 - BHO: Class - {3741D035-47CF-B4A5-B941-489B37424B4D} - C:\WINDOWS\system32\javacq.dll
O2 - BHO: Class - {3AEABCED-8F75-E658-FEAF-9C53AF605935} - C:\WINDOWS\system32\iett32.dll (file missing)
O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netrl.dll (file missing)
O2 - BHO: Class - {3C590378-0A5C-B10E-AF30-95DF78FBEABD} - C:\WINDOWS\apipu32.dll
O2 - BHO: Class - {3DF3AE97-927A-A988-F257-18F61D1C5ABA} - C:\WINDOWS\system32\ietj32.dll (file missing)
O2 - BHO: Class - {3EB79716-BC8C-A65F-5E2B-31BD61248EA1} - C:\WINDOWS\nthl32.dll
O2 - BHO: Class - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - C:\WINDOWS\system32\atlry32.dll
O2 - BHO: Class - {405C427D-7AE4-A1A7-D322-793595EC6979} - C:\WINDOWS\atlvx32.dll (file missing)
O2 - BHO: Class - {42A8EAAD-CADF-3ADC-AA19-09B37343138C} - C:\WINDOWS\system32\ntnd32.dll
O2 - BHO: Class - {42B4125A-8456-E674-1EAB-F008B3833B7C} - C:\WINDOWS\ipgs.dll
O2 - BHO: Class - {47C204A5-E895-96EB-426E-94589DE2EF1E} - C:\WINDOWS\system32\syswp.dll
O2 - BHO: Class - {499CBA68-0CDC-4376-9119-E07B6BD9CBB4} - C:\WINDOWS\crgw.dll (file missing)
O2 - BHO: Class - {4F68D379-A552-6CBC-1C98-D30E630A4F43} - C:\WINDOWS\system32\applp32.dll (file missing)
O2 - BHO: Class - {51516028-FA3B-8261-B4D3-346C6B349CAE} - C:\WINDOWS\system32\mszm32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5A3D985D-E7F0-92FD-318F-8930CFEB6D7E} - C:\WINDOWS\system32\appia.dll (file missing)
O2 - BHO: Class - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - C:\WINDOWS\system32\ipqr32.dll (file missing)
O2 - BHO: Class - {67958F79-72DB-A2FA-6ED9-766E87626288} - C:\WINDOWS\system32\sdkgk32.dll (file missing)
O2 - BHO: Class - {69C0535E-8F6B-1482-8F80-DF6B338BFBF8} - C:\WINDOWS\system32\croo32.dll
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfcko32.dll (file missing)
O2 - BHO: Class - {6CAFD07F-ACFD-6954-5F24-9032D1744E5E} - C:\WINDOWS\system32\ntiz.dll
O2 - BHO: Class - {6F78A8DF-CCFD-8F45-6673-865E1F2FB01D} - C:\WINDOWS\atlzz.dll (file missing)
O2 - BHO: Class - {73A0B877-8957-66D4-B512-A5E6B2821E0C} - C:\WINDOWS\system32\sdkeu.dll (file missing)
O2 - BHO: Class - {74D26490-9E7F-905B-3BAA-08765509E086} - C:\WINDOWS\javali.dll
O2 - BHO: Class - {775E7EE2-3A20-6839-8BF8-42DB066E09CE} - C:\WINDOWS\system32\mfcuc32.dll
O2 - BHO: (no name) - {77697D9E-D92B-4DA5-8433-0CB910198F36} - C:\WINDOWS\system32\cdkk.dll (file missing)
O2 - BHO: Class - {7912F734-6734-3BCA-181D-264E16D1AF22} - C:\WINDOWS\system32\crnn.dll
O2 - BHO: Class - {794F8545-B381-2043-E8A4-7F994ED794A5} - C:\WINDOWS\system32\winxi.dll
O2 - BHO: Class - {7D8DD407-13B0-33CA-516F-C457E455D100} - C:\WINDOWS\d3va32.dll
O2 - BHO: Class - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - C:\WINDOWS\system32\winuw32.dll
O2 - BHO: Class - {81BC3EBA-35E5-E622-0BAD-7095B849C484} - C:\WINDOWS\system32\netty32.dll
O2 - BHO: Class - {84E5DCB7-18ED-A545-5935-A5F1A2CC5BCC} - C:\WINDOWS\system32\apprx.dll
O2 - BHO: Class - {855C4319-681C-92DA-BA91-F3931A800568} - C:\WINDOWS\system32\iphx.dll
O2 - BHO: Class - {8674F6CD-EB6E-CD07-FBE1-506F82436CC8} - C:\WINDOWS\addfz32.dll (file missing)
O2 - BHO: Class - {87660378-C0D8-4042-E8EE-3B0499FCC8D2} - C:\WINDOWS\system32\addiu32.dll (file missing)
O2 - BHO: Class - {884E6B25-AD0F-BCD3-7EE3-FDF787A03978} - C:\WINDOWS\adduy.dll (file missing)
O2 - BHO: Class - {8C10B61E-7F00-9FA3-7704-7184F040346C} - C:\WINDOWS\system32\apirt.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipmx.dll (file missing)
O2 - BHO: Class - {8DED84AD-BB1F-9368-1990-BB8743516D63} - C:\WINDOWS\system32\mfcel32.dll (file missing)
O2 - BHO: Class - {8E615C3C-F769-DC70-D84B-F21ECCE41EE6} - C:\WINDOWS\atlsa32.dll
O2 - BHO: Class - {8F449EFF-464C-9088-BEE4-124C8FA50B4D} - C:\WINDOWS\javank32.dll (file missing)
O2 - BHO: Class - {92147661-2A5E-4D59-5C8E-91230ADD4855} - C:\WINDOWS\wintc.dll (file missing)
O2 - BHO: Class - {94B08B34-C38D-5BA7-55AC-D47C6A68C5E3} - C:\WINDOWS\ntpw32.dll
O2 - BHO: Class - {96F47AAF-D627-4543-7963-7E1F138D28BF} - C:\WINDOWS\appze32.dll (file missing)
O2 - BHO: Class - {976DFA7F-2E21-F47E-C5BB-B6C988EE98A5} - C:\WINDOWS\system32\ietz.dll (file missing)
O2 - BHO: Class - {98D79E08-A8D3-7C16-C8D1-316A15F195A3} - C:\WINDOWS\system32\appsu.dll
O2 - BHO: Class - {9ADFE229-40FB-615D-BB53-35E7CF17109E} - C:\WINDOWS\system32\msfz.dll (file missing)
O2 - BHO: Class - {9B338043-A6A7-64A6-CC40-E7DC9661F794} - C:\WINDOWS\javaip32.dll (file missing)
O2 - BHO: Class - {9CE33963-05DF-7E69-EC6A-2B29B35EAE5A} - C:\WINDOWS\ntgg.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Class - {A0DA3B60-9934-9D82-5CF0-E92BE0E71F24} - C:\WINDOWS\system32\atlmp.dll (file missing)
O2 - BHO: Class - {A2F9AA06-3766-1ADD-4282-2D509709647B} - C:\WINDOWS\system32\d3us32.dll (file missing)
O2 - BHO: Class - {A3E59314-F18B-E35B-1289-B3D8F43C3B9D} - C:\WINDOWS\system32\d3ic.dll
O2 - BHO: Class - {A4536452-5993-1140-88F8-9E29B33DFBC9} - C:\WINDOWS\system32\ipfa.dll
O2 - BHO: Class - {A78AF0E5-CDFB-09FE-B586-1706636C89DD} - C:\WINDOWS\system32\addhs32.dll
O2 - BHO: Class - {AA53BA3B-9FED-4A5C-2B3E-69B936827B93} - C:\WINDOWS\system32\ipyp32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {AC374343-3209-2759-36C7-CF173D4C7D77} - C:\WINDOWS\system32\apica.dll (file missing)
O2 - BHO: Class - {AC5DA795-EB4D-33C1-2B1B-233A235E8A80} - C:\WINDOWS\ntup.dll (file missing)
O2 - BHO: Class - {B02C8A79-166D-EAED-C15F-3D1CC66CC436} - C:\WINDOWS\system32\javahy32.dll (file missing)
O2 - BHO: Class - {B0435E5C-5DC8-1800-7874-12411B8DBD79} - C:\WINDOWS\d3bx.dll
O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll (file missing)
O2 - BHO: Class - {BB28F189-5896-7BCE-79C8-B28CF8543FF2} - C:\WINDOWS\iect.dll
O2 - BHO: Class - {BBF8DC95-3A2E-5656-D1C3-B52D78BB35FD} - C:\WINDOWS\msvt.dll
O2 - BHO: Class - {BD9D4C0F-F323-B9BF-3F31-9E15DB1A3C20} - C:\WINDOWS\mfcjm.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C0A8EABB-004C-55DD-0076-AC44FBB2A59E} - C:\WINDOWS\system32\sdknc.dll
O2 - BHO: Class - {C2B32F1E-FC67-7A71-914B-C7388C6B0405} - C:\WINDOWS\winkt.dll (file missing)
O2 - BHO: Class - {C50DD6DD-BA5E-58D0-8463-2027AADD4C87} - C:\WINDOWS\msdk.dll
O2 - BHO: Class - {C6506175-0AD1-05AA-F4AA-70AADEF964CA} - C:\WINDOWS\appci32.dll (file missing)
O2 - BHO: Class - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - C:\WINDOWS\system32\crpj32.dll
O2 - BHO: Class - {C7B0E086-75CE-E71D-0DDA-51166A3A3D0F} - C:\WINDOWS\system32\mfcdl32.dll
O2 - BHO: Class - {C7D9E145-52DB-B4D5-50F2-B854335AD4B1} - C:\WINDOWS\crcc32.dll (file missing)
O2 - BHO: Class - {C88F3E71-4E20-56A9-DB40-BFBD9CAC3434} - C:\WINDOWS\system32\mfcxg.dll
O2 - BHO: Class - {C8D1C8D0-56D7-35E7-6E9D-682FBD22563D} - C:\WINDOWS\iepw.dll (file missing)
O2 - BHO: Class - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - C:\WINDOWS\syswi32.dll (file missing)
O2 - BHO: Class - {CB4B2853-3459-B406-A3EB-9B86CEC2FC98} - C:\WINDOWS\wingp.dll (file missing)
O2 - BHO: Class - {CB976193-5C1B-DB4C-02B6-69CAEB6FCDC6} - C:\WINDOWS\crcn.dll (file missing)
O2 - BHO: Class - {CDA80F2B-EB0F-A24C-9FB0-C5FE175C41DB} - C:\WINDOWS\mspz32.dll
O2 - BHO: Class - {D1F6727A-33B8-5881-2790-4C899CC50B34} - C:\WINDOWS\system32\apiut.dll (file missing)
O2 - BHO: Class - {D26AE4F7-8228-80E6-B5BD-8F1418D6EC44} - C:\WINDOWS\msqd.dll (file missing)
O2 - BHO: Class - {D302E19C-9069-BA77-F7AE-8A16F960D7B6} - C:\WINDOWS\system32\ntok32.dll
O2 - BHO: Class - {DBFCA164-5C46-B7BA-9FE0-E92A8DEC53BA} - C:\WINDOWS\addfb32.dll
O2 - BHO: Class - {DC88D1F4-B057-7A95-09CF-ADE2D8831986} - C:\WINDOWS\ieov.dll (file missing)
O2 - BHO: Class - {DD6F50C0-9F8F-A41C-291E-7B3FB818EF18} - C:\WINDOWS\javarc32.dll
O2 - BHO: Class - {DECF2ABB-4E43-2010-D006-50AF6E18F4A4} - C:\WINDOWS\msmd32.dll (file missing)
O2 - BHO: Class - {DF5177E6-2380-A398-9FF7-1A0D80DD8431} - C:\WINDOWS\system32\javaik32.dll
O2 - BHO: Class - {DF7AB9ED-CC80-B559-EE40-8DBD50AF24FA} - C:\WINDOWS\iekl.dll (file missing)
O2 - BHO: Class - {E1008507-7597-E713-6C74-364513A22905} - C:\WINDOWS\sdkjb.dll (file missing)
O2 - BHO: Class - {E10A8D17-3552-032E-5DCF-3829425436CE} - C:\WINDOWS\appez32.dll (file missing)
O2 - BHO: Class - {E15DD854-133F-0338-F25B-C7118EE63F1C} - C:\WINDOWS\crof.dll
O2 - BHO: Class - {E2028213-FEFE-A28B-82F7-7FF5259F732F} - C:\WINDOWS\system32\apixb.dll
O2 - BHO: Class - {ECD9AFAB-0E4B-31BD-F3E9-72B83A4A7053} - C:\WINDOWS\crbq32.dll (file missing)
O2 - BHO: Class - {ED29D508-9D6C-8703-229F-51213F86001C} - C:\WINDOWS\system32\mfcnu.dll (file missing)
O2 - BHO: Class - {EE095897-CF57-F9F1-0CB8-85D815B6038C} - C:\WINDOWS\atlvg32.dll (file missing)
O2 - BHO: Class - {EF499FF4-5D68-4F48-3C5E-65411AF29344} - C:\WINDOWS\sdkng.dll (file missing)
O2 - BHO: Class - {F042AD18-E71C-6ECD-7132-91145956736C} - C:\WINDOWS\sysok32.dll (file missing)
O2 - BHO: Class - {F21F6E0C-1EDE-F47F-D2F6-395EC4263EAF} - C:\WINDOWS\winpn32.dll
O2 - BHO: Class - {F8D02D56-1011-675D-ACC9-C07B02C902AB} - C:\WINDOWS\netuf32.dll (file missing)
O2 - BHO: Class - {FC6CE937-72FC-BA71-A542-FC7E67AE7C21} - C:\WINDOWS\system32\mfcas.dll (file missing)
O2 - BHO: Class - {FF22754C-BE20-6A0D-3A0A-B818CBA44118} - C:\WINDOWS\system32\d3fk.dll (file missing)
O2 - BHO: Class - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - C:\WINDOWS\system32\iekh.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [appdh32.exe] C:\WINDOWS\system32\appdh32.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [appnp.exe] C:\WINDOWS\appnp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [appvm32.exe] C:\WINDOWS\appvm32.exe
O4 - HKLM\..\Run: [winwg.exe] C:\WINDOWS\system32\winwg.exe
O4 - HKLM\..\Run: [ieik32.exe] C:\WINDOWS\ieik32.exe
O4 - HKLM\..\Run: [d3ea.exe] C:\WINDOWS\d3ea.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [d3tw.exe] C:\WINDOWS\d3tw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Nbkbme32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
OwNt
Posted 26 December 2005 - 04:06 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

This is quite the infected pc - please bear with me as we get it cleaned up.

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
  • Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  • Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
  • Prepare cwsserviceremove.reg for use:
    • Download cwsserviceremove.zip.
    • Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.
    • Please do not do anything with it yet.
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
  • Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".
  • Remove the offending service:
    • Double-click on cwsserviceremove.reg you downloaded earlier.
    • When it asks you to merge the information to the registry click "Yes".
  • Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click OK at the directions prompt.
    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I need a copy of it.
  • Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.
  • Restart your computer normally to return to normal mode.
  • Free TrendMicro Housecall scan:
    • Vist the TrendMicro Housecall website.
    • Select your country from the drop-down list and click "Go".
    • Choose "Yes" at the ActiveX Security Warning prompt.
    • Please wait while the Housecall engine is updated.
    • Select the drives to be scanned by placing a check in their respective boxes.
    • Check the "Auto Clean" box.
    • Click "SCAN" in order to begin scanning your system.
    • Please be patient while Housecall scans your system for malicious files.
    • If not auto-cleaned, remove anything it finds.
    • Click "Close" to exit the Housecall scanner.
    • Choose "Yes" at the HouseCall message prompt.
After all that, open Hijackthis, scan, and place a checkmark by the following entries:
Most of these entries may no longer be here.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jyvzk.dll/sp.html#77035%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {003156AA-B2AD-54C8-CF6D-1C992B937149} - C:\WINDOWS\system32\apifd.dll (file missing)
O2 - BHO: Class - {008A49EF-1F4A-59F9-2873-E623FDFB2AEC} - C:\WINDOWS\system32\javayd.dll
O2 - BHO: Class - {01EB6314-2088-7180-0D75-C69CAD5AE4F9} - C:\WINDOWS\d3nd32.dll
O2 - BHO: Class - {09207CE5-BD48-226E-8BA1-3964BEC3C523} - C:\WINDOWS\addzf32.dll
O2 - BHO: Class - {0DA5C488-C148-5DF5-F52E-033E83A175DF} - C:\WINDOWS\system32\crom32.dll (file missing)
O2 - BHO: (no name) - {0E37D9E0-99E3-DA14-3197-60132338963E} - (no file)
O2 - BHO: Class - {0FD1DEEA-1A6E-D2A8-546F-C5B4E5E41E0C} - C:\WINDOWS\sdkkt32.dll
O2 - BHO: Class - {10EDACBE-902A-F6FD-A7D9-7D96FA804409} - C:\WINDOWS\ipkt.dll (file missing)
O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipcg32.dll (file missing)
O2 - BHO: Class - {1726BB1C-92AA-0B00-1211-47F4A3A3EEA0} - C:\WINDOWS\system32\apinn.dll (file missing)
O2 - BHO: Class - {19B907F0-A6CA-BB49-9C14-FD51E9541ECD} - C:\WINDOWS\d3iu32.dll
O2 - BHO: Class - {1A0D767B-0C24-CB78-0876-5F7AEE9294F4} - C:\WINDOWS\winnv.dll (file missing)
O2 - BHO: Class - {1A0FFA7F-AF83-32A4-6BFE-310DEFEF30F1} - C:\WINDOWS\system32\appvx.dll
O2 - BHO: Class - {1A478816-E063-0971-D763-1BABBFD87872} - C:\WINDOWS\sdkum.dll (file missing)
O2 - BHO: Class - {1B9B2567-FD79-0929-AF30-27C5089B29FE} - C:\WINDOWS\atlcn32.dll
O2 - BHO: Class - {1D3E2C15-0CF2-F9E2-738A-4E2A38D1C765} - C:\WINDOWS\system32\sdkzw.dll (file missing)
O2 - BHO: Class - {1F173960-3D10-16D5-6F3D-C432F9BF8003} - C:\WINDOWS\system32\addnj.dll (file missing)
O2 - BHO: Class - {2033AF1C-D520-7182-0C22-FB9A711BC872} - C:\WINDOWS\iekh32.dll
O2 - BHO: Class - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\WINDOWS\system32\appnu.dll
O2 - BHO: Class - {21F23978-8321-FD49-E116-F0410CF19A8A} - C:\WINDOWS\addbd32.dll
O2 - BHO: Class - {2292BD18-3B6B-01F7-6D6E-CA1A2CB8FE64} - C:\WINDOWS\netfb.dll (file missing)
O2 - BHO: Class - {22E10E8A-E8F9-EB27-24CE-13EDC6759784} - C:\WINDOWS\javayf32.dll (file missing)
O2 - BHO: Class - {2346EC13-9103-21E8-08CC-3B6A16FB3208} - C:\WINDOWS\system32\ntlq32.dll (file missing)
O2 - BHO: Class - {236CA94F-3393-2D7A-CDB1-7118197846E2} - C:\WINDOWS\mssn32.dll (file missing)
O2 - BHO: Class - {249CC0A1-9ABC-B843-D795-80061B76632D} - C:\WINDOWS\system32\mfcjx32.dll
O2 - BHO: Class - {24C595AC-D914-BDA8-E0FE-1EC427E42B62} - C:\WINDOWS\system32\ipfi.dll (file missing)
O2 - BHO: Class - {263AC5C0-2CAF-148B-2A5D-23E5C2F07456} - C:\WINDOWS\javanv32.dll (file missing)
O2 - BHO: Class - {26A0B324-E4D4-A257-7964-D0D492A800DD} - C:\WINDOWS\system32\netbw.dll
O2 - BHO: Class - {2843EAF5-2D17-7153-2C7F-01C2A8D2B7F0} - C:\WINDOWS\system32\mskq32.dll (file missing)
O2 - BHO: Class - {2B7CDB2C-16B5-286B-C7F1-C5C80397E087} - C:\WINDOWS\system32\apimj.dll (file missing)
O2 - BHO: Class - {2FF6CD4C-C873-B6D0-7071-0D3C44B04E0E} - C:\WINDOWS\system32\ntuw.dll
O2 - BHO: Class - {33A44762-FECF-1651-1758-359F5E8ADCCA} - C:\WINDOWS\wintv32.dll
O2 - BHO: Class - {36A6AA52-3A7A-4FD9-7FEC-8EF0D4ABCAD1} - C:\WINDOWS\system32\mfchh.dll
O2 - BHO: Class - {3741D035-47CF-B4A5-B941-489B37424B4D} - C:\WINDOWS\system32\javacq.dll
O2 - BHO: Class - {3AEABCED-8F75-E658-FEAF-9C53AF605935} - C:\WINDOWS\system32\iett32.dll (file missing)
O2 - BHO: Class - {3C516757-3A0D-13BA-59B9-2F9DA13BB41E} - C:\WINDOWS\system32\netrl.dll (file missing)
O2 - BHO: Class - {3C590378-0A5C-B10E-AF30-95DF78FBEABD} - C:\WINDOWS\apipu32.dll
O2 - BHO: Class - {3DF3AE97-927A-A988-F257-18F61D1C5ABA} - C:\WINDOWS\system32\ietj32.dll (file missing)
O2 - BHO: Class - {3EB79716-BC8C-A65F-5E2B-31BD61248EA1} - C:\WINDOWS\nthl32.dll
O2 - BHO: Class - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - C:\WINDOWS\system32\atlry32.dll
O2 - BHO: Class - {405C427D-7AE4-A1A7-D322-793595EC6979} - C:\WINDOWS\atlvx32.dll (file missing)
O2 - BHO: Class - {42A8EAAD-CADF-3ADC-AA19-09B37343138C} - C:\WINDOWS\system32\ntnd32.dll
O2 - BHO: Class - {42B4125A-8456-E674-1EAB-F008B3833B7C} - C:\WINDOWS\ipgs.dll
O2 - BHO: Class - {47C204A5-E895-96EB-426E-94589DE2EF1E} - C:\WINDOWS\system32\syswp.dll
O2 - BHO: Class - {499CBA68-0CDC-4376-9119-E07B6BD9CBB4} - C:\WINDOWS\crgw.dll (file missing)
O2 - BHO: Class - {4F68D379-A552-6CBC-1C98-D30E630A4F43} - C:\WINDOWS\system32\applp32.dll (file missing)
O2 - BHO: Class - {51516028-FA3B-8261-B4D3-346C6B349CAE} - C:\WINDOWS\system32\mszm32.dll
O2 - BHO: Class - {5A3D985D-E7F0-92FD-318F-8930CFEB6D7E} - C:\WINDOWS\system32\appia.dll (file missing)
O2 - BHO: Class - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - C:\WINDOWS\system32\ipqr32.dll (file missing)
O2 - BHO: Class - {67958F79-72DB-A2FA-6ED9-766E87626288} - C:\WINDOWS\system32\sdkgk32.dll (file missing)
O2 - BHO: Class - {69C0535E-8F6B-1482-8F80-DF6B338BFBF8} - C:\WINDOWS\system32\croo32.dll
O2 - BHO: Class - {6CA0DD23-29FF-7BA9-BCDE-21BA40065FF7} - C:\WINDOWS\system32\mfcko32.dll (file missing)
O2 - BHO: Class - {6CAFD07F-ACFD-6954-5F24-9032D1744E5E} - C:\WINDOWS\system32\ntiz.dll
O2 - BHO: Class - {6F78A8DF-CCFD-8F45-6673-865E1F2FB01D} - C:\WINDOWS\atlzz.dll (file missing)
O2 - BHO: Class - {73A0B877-8957-66D4-B512-A5E6B2821E0C} - C:\WINDOWS\system32\sdkeu.dll (file missing)
O2 - BHO: Class - {74D26490-9E7F-905B-3BAA-08765509E086} - C:\WINDOWS\javali.dll
O2 - BHO: Class - {775E7EE2-3A20-6839-8BF8-42DB066E09CE} - C:\WINDOWS\system32\mfcuc32.dll
O2 - BHO: (no name) - {77697D9E-D92B-4DA5-8433-0CB910198F36} - C:\WINDOWS\system32\cdkk.dll (file missing)
O2 - BHO: Class - {7912F734-6734-3BCA-181D-264E16D1AF22} - C:\WINDOWS\system32\crnn.dll
O2 - BHO: Class - {794F8545-B381-2043-E8A4-7F994ED794A5} - C:\WINDOWS\system32\winxi.dll
O2 - BHO: Class - {7D8DD407-13B0-33CA-516F-C457E455D100} - C:\WINDOWS\d3va32.dll
O2 - BHO: Class - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - C:\WINDOWS\system32\winuw32.dll
O2 - BHO: Class - {81BC3EBA-35E5-E622-0BAD-7095B849C484} - C:\WINDOWS\system32\netty32.dll
O2 - BHO: Class - {84E5DCB7-18ED-A545-5935-A5F1A2CC5BCC} - C:\WINDOWS\system32\apprx.dll
O2 - BHO: Class - {855C4319-681C-92DA-BA91-F3931A800568} - C:\WINDOWS\system32\iphx.dll
O2 - BHO: Class - {8674F6CD-EB6E-CD07-FBE1-506F82436CC8} - C:\WINDOWS\addfz32.dll (file missing)
O2 - BHO: Class - {87660378-C0D8-4042-E8EE-3B0499FCC8D2} - C:\WINDOWS\system32\addiu32.dll (file missing)
O2 - BHO: Class - {884E6B25-AD0F-BCD3-7EE3-FDF787A03978} - C:\WINDOWS\adduy.dll (file missing)
O2 - BHO: Class - {8C10B61E-7F00-9FA3-7704-7184F040346C} - C:\WINDOWS\system32\apirt.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipmx.dll (file missing)
O2 - BHO: Class - {8DED84AD-BB1F-9368-1990-BB8743516D63} - C:\WINDOWS\system32\mfcel32.dll (file missing)
O2 - BHO: Class - {8E615C3C-F769-DC70-D84B-F21ECCE41EE6} - C:\WINDOWS\atlsa32.dll
O2 - BHO: Class - {8F449EFF-464C-9088-BEE4-124C8FA50B4D} - C:\WINDOWS\javank32.dll (file missing)
O2 - BHO: Class - {92147661-2A5E-4D59-5C8E-91230ADD4855} - C:\WINDOWS\wintc.dll (file missing)
O2 - BHO: Class - {94B08B34-C38D-5BA7-55AC-D47C6A68C5E3} - C:\WINDOWS\ntpw32.dll
O2 - BHO: Class - {96F47AAF-D627-4543-7963-7E1F138D28BF} - C:\WINDOWS\appze32.dll (file missing)
O2 - BHO: Class - {976DFA7F-2E21-F47E-C5BB-B6C988EE98A5} - C:\WINDOWS\system32\ietz.dll (file missing)
O2 - BHO: Class - {98D79E08-A8D3-7C16-C8D1-316A15F195A3} - C:\WINDOWS\system32\appsu.dll
O2 - BHO: Class - {9ADFE229-40FB-615D-BB53-35E7CF17109E} - C:\WINDOWS\system32\msfz.dll (file missing)
O2 - BHO: Class - {9B338043-A6A7-64A6-CC40-E7DC9661F794} - C:\WINDOWS\javaip32.dll (file missing)
O2 - BHO: Class - {9CE33963-05DF-7E69-EC6A-2B29B35EAE5A} - C:\WINDOWS\ntgg.dll (file missing)
O2 - BHO: Class - {A0DA3B60-9934-9D82-5CF0-E92BE0E71F24} - C:\WINDOWS\system32\atlmp.dll (file missing)
O2 - BHO: Class - {A2F9AA06-3766-1ADD-4282-2D509709647B} - C:\WINDOWS\system32\d3us32.dll (file missing)
O2 - BHO: Class - {A3E59314-F18B-E35B-1289-B3D8F43C3B9D} - C:\WINDOWS\system32\d3ic.dll
O2 - BHO: Class - {A4536452-5993-1140-88F8-9E29B33DFBC9} - C:\WINDOWS\system32\ipfa.dll
O2 - BHO: Class - {A78AF0E5-CDFB-09FE-B586-1706636C89DD} - C:\WINDOWS\system32\addhs32.dll
O2 - BHO: Class - {AA53BA3B-9FED-4A5C-2B3E-69B936827B93} - C:\WINDOWS\system32\ipyp32.dll
O2 - BHO: Class - {AC374343-3209-2759-36C7-CF173D4C7D77} - C:\WINDOWS\system32\apica.dll (file missing)
O2 - BHO: Class - {AC5DA795-EB4D-33C1-2B1B-233A235E8A80} - C:\WINDOWS\ntup.dll (file missing)
O2 - BHO: Class - {B02C8A79-166D-EAED-C15F-3D1CC66CC436} - C:\WINDOWS\system32\javahy32.dll (file missing)
O2 - BHO: Class - {B0435E5C-5DC8-1800-7874-12411B8DBD79} - C:\WINDOWS\d3bx.dll
O2 - BHO: Class - {B89E4008-4828-AC3A-CAF5-00B70ABA441F} - C:\WINDOWS\crrp32.dll (file missing)
O2 - BHO: Class - {BB28F189-5896-7BCE-79C8-B28CF8543FF2} - C:\WINDOWS\iect.dll
O2 - BHO: Class - {BBF8DC95-3A2E-5656-D1C3-B52D78BB35FD} - C:\WINDOWS\msvt.dll
O2 - BHO: Class - {BD9D4C0F-F323-B9BF-3F31-9E15DB1A3C20} - C:\WINDOWS\mfcjm.dll (file missing)
O2 - BHO: Class - {C0A8EABB-004C-55DD-0076-AC44FBB2A59E} - C:\WINDOWS\system32\sdknc.dll
O2 - BHO: Class - {C2B32F1E-FC67-7A71-914B-C7388C6B0405} - C:\WINDOWS\winkt.dll (file missing)
O2 - BHO: Class - {C50DD6DD-BA5E-58D0-8463-2027AADD4C87} - C:\WINDOWS\msdk.dll
O2 - BHO: Class - {C6506175-0AD1-05AA-F4AA-70AADEF964CA} - C:\WINDOWS\appci32.dll (file missing)
O2 - BHO: Class - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - C:\WINDOWS\system32\crpj32.dll
O2 - BHO: Class - {C7B0E086-75CE-E71D-0DDA-51166A3A3D0F} - C:\WINDOWS\system32\mfcdl32.dll
O2 - BHO: Class - {C7D9E145-52DB-B4D5-50F2-B854335AD4B1} - C:\WINDOWS\crcc32.dll (file missing)
O2 - BHO: Class - {C88F3E71-4E20-56A9-DB40-BFBD9CAC3434} - C:\WINDOWS\system32\mfcxg.dll
O2 - BHO: Class - {C8D1C8D0-56D7-35E7-6E9D-682FBD22563D} - C:\WINDOWS\iepw.dll (file missing)
O2 - BHO: Class - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - C:\WINDOWS\syswi32.dll (file missing)
O2 - BHO: Class - {CB4B2853-3459-B406-A3EB-9B86CEC2FC98} - C:\WINDOWS\wingp.dll (file missing)
O2 - BHO: Class - {CB976193-5C1B-DB4C-02B6-69CAEB6FCDC6} - C:\WINDOWS\crcn.dll (file missing)
O2 - BHO: Class - {CDA80F2B-EB0F-A24C-9FB0-C5FE175C41DB} - C:\WINDOWS\mspz32.dll
O2 - BHO: Class - {D1F6727A-33B8-5881-2790-4C899CC50B34} - C:\WINDOWS\system32\apiut.dll (file missing)
O2 - BHO: Class - {D26AE4F7-8228-80E6-B5BD-8F1418D6EC44} - C:\WINDOWS\msqd.dll (file missing)
O2 - BHO: Class - {D302E19C-9069-BA77-F7AE-8A16F960D7B6} - C:\WINDOWS\system32\ntok32.dll
O2 - BHO: Class - {DBFCA164-5C46-B7BA-9FE0-E92A8DEC53BA} - C:\WINDOWS\addfb32.dll
O2 - BHO: Class - {DC88D1F4-B057-7A95-09CF-ADE2D8831986} - C:\WINDOWS\ieov.dll (file missing)
O2 - BHO: Class - {DD6F50C0-9F8F-A41C-291E-7B3FB818EF18} - C:\WINDOWS\javarc32.dll
O2 - BHO: Class - {DECF2ABB-4E43-2010-D006-50AF6E18F4A4} - C:\WINDOWS\msmd32.dll (file missing)
O2 - BHO: Class - {DF5177E6-2380-A398-9FF7-1A0D80DD8431} - C:\WINDOWS\system32\javaik32.dll
O2 - BHO: Class - {DF7AB9ED-CC80-B559-EE40-8DBD50AF24FA} - C:\WINDOWS\iekl.dll (file missing)
O2 - BHO: Class - {E1008507-7597-E713-6C74-364513A22905} - C:\WINDOWS\sdkjb.dll (file missing)
O2 - BHO: Class - {E10A8D17-3552-032E-5DCF-3829425436CE} - C:\WINDOWS\appez32.dll (file missing)
O2 - BHO: Class - {E15DD854-133F-0338-F25B-C7118EE63F1C} - C:\WINDOWS\crof.dll
O2 - BHO: Class - {E2028213-FEFE-A28B-82F7-7FF5259F732F} - C:\WINDOWS\system32\apixb.dll
O2 - BHO: Class - {ECD9AFAB-0E4B-31BD-F3E9-72B83A4A7053} - C:\WINDOWS\crbq32.dll (file missing)
O2 - BHO: Class - {ED29D508-9D6C-8703-229F-51213F86001C} - C:\WINDOWS\system32\mfcnu.dll (file missing)
O2 - BHO: Class - {EE095897-CF57-F9F1-0CB8-85D815B6038C} - C:\WINDOWS\atlvg32.dll (file missing)
O2 - BHO: Class - {EF499FF4-5D68-4F48-3C5E-65411AF29344} - C:\WINDOWS\sdkng.dll (file missing)
O2 - BHO: Class - {F042AD18-E71C-6ECD-7132-91145956736C} - C:\WINDOWS\sysok32.dll (file missing)
O2 - BHO: Class - {F21F6E0C-1EDE-F47F-D2F6-395EC4263EAF} - C:\WINDOWS\winpn32.dll
O2 - BHO: Class - {F8D02D56-1011-675D-ACC9-C07B02C902AB} - C:\WINDOWS\netuf32.dll (file missing)
O2 - BHO: Class - {FC6CE937-72FC-BA71-A542-FC7E67AE7C21} - C:\WINDOWS\system32\mfcas.dll (file missing)
O2 - BHO: Class - {FF22754C-BE20-6A0D-3A0A-B818CBA44118} - C:\WINDOWS\system32\d3fk.dll (file missing)
O2 - BHO: Class - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - C:\WINDOWS\system32\iekh.dll
O4 - HKLM\..\Run: [appdh32.exe] C:\WINDOWS\system32\appdh32.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [appnp.exe] C:\WINDOWS\appnp.exe
O4 - HKLM\..\Run: [appvm32.exe] C:\WINDOWS\appvm32.exe
O4 - HKLM\..\Run: [winwg.exe] C:\WINDOWS\system32\winwg.exe
O4 - HKLM\..\Run: [ieik32.exe] C:\WINDOWS\ieik32.exe
O4 - HKLM\..\Run: [d3ea.exe] C:\WINDOWS\d3ea.exe
O4 - HKLM\..\RunOnce: [d3tw.exe] C:\WINDOWS\d3tw.exe
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Nbkbme32.dll (file missing)

Close all open windows/browsers and click Fix Checked.

Exit Hijackthis.

Reboot.

Please post a fresh HijackThis log
Please post the AboutBuster log.
Please note any complications you had.
  • 0

#3
eugenec
Posted 27 December 2005 - 09:38 AM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I followed the instructions and when I ran CWSShredder in safe mode, it crashed to a blue screen...I can't read what t says but it has a lot of text on it then just flashes to a reboot.

Should I just skip over this and move to the next step? Im at work now when i get home, Ill continue this.

Thanks,

Eugene
  • 0

#4
eugenec
Posted 27 December 2005 - 08:04 PM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
just checking in. Let me know how to proceed. Thank you, Eugene
  • 0

#5
OwNt
Posted 27 December 2005 - 09:41 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

Please try running CWS Shredder in normal mode - if it blue screens there as well skip it and proceed as instructed.
  • 0

#6
eugenec
Posted 03 January 2006 - 07:00 PM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Happy New Year! Sorry about the delay. I was out of town for New Years. I did as you said. CWSShredder ran in normal mode. Also the Trend Micro Housecall did not work.

After everything else, it seems to be much better but I still have a white Desktop which seems to change brightness...like when i unplug my laptop from the power cable. Randomly back and forth bright and darker...it doesnt do it in any windows like this one or any other applications just when im on the desktop.

Let me know the next step...


Here is the Aboutbuster log:

AboutBuster 6.0
Scan started on [12/28/2005] at [9:07:27 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\BJCFDins.log:uwynnb
Removed Stream! C:\WINDOWS\bootstat.dat:pnquov
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:yyrayr
Removed Stream! C:\WINDOWS\COM+.log:rnnjhv
Removed Stream! C:\WINDOWS\DtcInstall.log:glkqli
Removed Stream! C:\WINDOWS\FaxSetup.log:jzvtue
Removed Stream! C:\WINDOWS\FaxSetup.log:ymuenl
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:kdoumy
Removed Stream! C:\WINDOWS\flweh.log:iocgrk
Removed Stream! C:\WINDOWS\Gateway.bmp:rnnjhv
Removed Stream! C:\WINDOWS\glgok.log:hqzxmo
Removed Stream! C:\WINDOWS\Greenstone.bmp:jofokg
Removed Stream! C:\WINDOWS\gtwdocs.ico:aovutv
Removed Stream! C:\WINDOWS\imsins.BAK:vfrnik
Removed Stream! C:\WINDOWS\KB867282.log:ksvvkl
Removed Stream! C:\WINDOWS\KB888113.log:cvndxa
Removed Stream! C:\WINDOWS\KB890046.log:bkboon
Removed Stream! C:\WINDOWS\KB890046.log:uwgirk
Removed Stream! C:\WINDOWS\KB890859.log:mjetnk
Removed Stream! C:\WINDOWS\KB892944.log:fpjtnx
Removed Stream! C:\WINDOWS\KB893066.log:fkwyhv
Removed Stream! C:\WINDOWS\KB893086.log:zlztee
Removed Stream! C:\WINDOWS\KB893803.log:yqcgqi
Removed Stream! C:\WINDOWS\KB894391.log:obtilu
Removed Stream! C:\WINDOWS\KB896428.log:hgieax
Removed Stream! C:\WINDOWS\KB896688.log:zcetip
Removed Stream! C:\WINDOWS\KB900725.log:dtwuvx
Removed Stream! C:\WINDOWS\KB902400.log:wlgzph
Removed Stream! C:\WINDOWS\KB905749.log:gmzfjr
Removed Stream! C:\WINDOWS\kqgvs.dat:ucxftv
Removed Stream! C:\WINDOWS\mdm.ini:bjtdzf
Removed Stream! C:\WINDOWS\MnyAdvPak.log:bqbary
Removed Stream! C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt:axyqwq
Removed Stream! C:\WINDOWS\msgsocm.log:tjerth
Removed Stream! C:\WINDOWS\msgsocm.log:uitnli
Removed Stream! C:\WINDOWS\New.flg:qflimu
Removed Stream! C:\WINDOWS\nsreg.dat:lkwwvs
Removed Stream! C:\WINDOWS\nsreg.dat:mjetnk
Removed Stream! C:\WINDOWS\nsw.log:ifwngf
Removed Stream! C:\WINDOWS\nsw.log:lzcbsd
Removed Stream! C:\WINDOWS\ocgen.log:bgpsip
Removed Stream! C:\WINDOWS\ODBC.INI:hmsump
Removed Stream! C:\WINDOWS\PICTAKER.LOG:soveik
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:lstmh
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:wchjr
Removed Stream! C:\WINDOWS\Q327979.log:aknhkz
Removed Stream! C:\WINDOWS\rpivo.log:zedzh
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:jkgney
Removed Stream! C:\WINDOWS\SchedLgU.Txt:avnvyd
Removed Stream! C:\WINDOWS\setupapi.log:ontkdz
Removed Stream! C:\WINDOWS\setupapi.log.0.old:lsdptu
Removed Stream! C:\WINDOWS\setupapi.log.0.old:swfiao
Removed Stream! C:\WINDOWS\setuperr.log:imswgs
Removed Stream! C:\WINDOWS\siznc.dat:sshjjj
Removed Stream! C:\WINDOWS\smscfg.ini:dtwuvx
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:zgedzu
Removed Stream! C:\WINDOWS\Sti_Trace.log:dxitxa
Removed Stream! C:\WINDOWS\Sti_Trace.log:wlgzph
Removed Stream! C:\WINDOWS\stub2.ini:fshnem
Removed Stream! C:\WINDOWS\stub4.ini:xetvks
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:gmzfjr
Removed Stream! C:\WINDOWS\tsoc.log:ynrsmu
Removed Stream! C:\WINDOWS\ujkml.log:rocxge
Removed Stream! C:\WINDOWS\ujkml.log:tvwqot
Removed Stream! C:\WINDOWS\UNSIGNED.LST:mqjsyn
Removed Stream! C:\WINDOWS\vb.ini:iaxcuc
Removed Stream! C:\WINDOWS\vbaddin.ini:epzjlg
Removed Stream! C:\WINDOWS\wiaservc.log:prmkui
Removed Stream! C:\WINDOWS\WindowsUpdate.log:seeygl
Removed Stream! C:\WINDOWS\winnt.bmp:mnqzam
Removed Stream! C:\WINDOWS\wmsetup10.log:eojfux
Removed Stream! C:\WINDOWS\WMSysPr9.prx:wgmrhq
Removed Stream! C:\WINDOWS\WMSysPr9.prx:znrqly
Removed Stream! C:\WINDOWS\ymuen.log:hcypdb
Removed Stream! C:\WINDOWS\ymuen.log:tspfo
Removed Stream! C:\WINDOWS\ymuen.log:xkpdjf
Removed Stream! C:\WINDOWS\_default.pif:bvgatr
Removed Stream! C:\WINDOWS\_default.pif:jhrbne
Removed Stream! C:\WINDOWS\_default.pif:jiagju
Removed Stream! C:\WINDOWS\_default.pif:kocizl
Removed Stream! C:\WINDOWS\_default.pif:nfldqn
Removed Stream! C:\WINDOWS\_default.pif:nqerbi
Removed Stream! C:\WINDOWS\_default.pif:qrpcxv
Removed Stream! C:\WINDOWS\_default.pif:sbhvmq
Removed Stream! C:\WINDOWS\_default.pif:ujkmlf
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:azffcp
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:bqbary
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:btkgob
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:cqmpfp
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:emenez
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:fdapqh
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:fnuqwf
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:fshnem
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:gbghdg
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:gvfudj
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:hrrqeb
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ifwngf
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:iszbmq
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:jkzkb
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:judluj
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:kdjhzo
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:lttiko
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:nancjv
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ncvjqr
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:nvljcb
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ojnuoh
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:orylk
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:pvhcne
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:qflimu
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:qpxits
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:qrhwso
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:rpivon
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:rwvub
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:saxkea
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:stujaw
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:sxzyqo
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:trshq
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:tvwqot
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:uozvrk
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:uqrfpb
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:urwchz
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:vavohl
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:vyqks
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:xetvks
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:xkvdgy
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:xqkfox
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ycrmxi
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ytssyw
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ywwcrw
Removed Stream! C:\WINDOWS\__delete_on_reboot__wintc.dll:ywxhft
-------------------------------------------------------------
Removed File! : C:\WINDOWS\addbd32.dll
Removed File! : C:\WINDOWS\addct32.exe
Removed File! : C:\WINDOWS\addhz.exe
Removed File! : C:\WINDOWS\addih.exe
Removed File! : C:\WINDOWS\addng.exe
Removed File! : C:\WINDOWS\addts.exe
Removed File! : C:\WINDOWS\apiha.exe
Removed File! : C:\WINDOWS\apijp32.exe
Removed File! : C:\WINDOWS\apirj.exe
Removed File! : C:\WINDOWS\apiwd.exe
Removed File! : C:\WINDOWS\appfa32.exe
Removed File! : C:\WINDOWS\appfv.exe
Removed File! : C:\WINDOWS\appne.exe
Removed File! : C:\WINDOWS\appvz.exe
Removed File! : C:\WINDOWS\atlgj.exe
Removed File! : C:\WINDOWS\atljl.exe
Removed File! : C:\WINDOWS\atljl32.exe
Removed File! : C:\WINDOWS\atllh.exe
Removed File! : C:\WINDOWS\atlmd32.exe
Removed File! : C:\WINDOWS\atlne32.exe
Removed File! : C:\WINDOWS\atlrx32.exe
Removed File! : C:\WINDOWS\atlsa32.dll
Removed File! : C:\WINDOWS\atlty.exe
Removed File! : C:\WINDOWS\atlxw.exe
Removed File! : C:\WINDOWS\atlzr32.exe
Removed File! : C:\WINDOWS\bxasb.log
Removed File! : C:\WINDOWS\crmu32.exe
Removed File! : C:\WINDOWS\d3bx.dll
Removed File! : C:\WINDOWS\d3li.exe
Removed File! : C:\WINDOWS\d3mg32.exe
Removed File! : C:\WINDOWS\d3tw.exe
Removed File! : C:\WINDOWS\d3wa32.exe
Removed File! : C:\WINDOWS\d3zv32.exe
Removed File! : C:\WINDOWS\dxnkl.txt
Removed File! : C:\WINDOWS\fchsz.dll
Removed File! : C:\WINDOWS\ffmll.dat
Removed File! : C:\WINDOWS\fgarn.log
Removed File! : C:\WINDOWS\flweh.log
Removed File! : C:\WINDOWS\fsvzi.dll
Removed File! : C:\WINDOWS\glgok.log
Removed File! : C:\WINDOWS\gmzfj.dat
Removed File! : C:\WINDOWS\hqjbp.dll
Removed File! : C:\WINDOWS\iect.dll
Removed File! : C:\WINDOWS\iedz32.exe
Removed File! : C:\WINDOWS\iefr32.exe
Removed File! : C:\WINDOWS\iekh32.dll
Removed File! : C:\WINDOWS\iepf.exe
Removed File! : C:\WINDOWS\ipck.exe
Removed File! : C:\WINDOWS\ipgd.exe
Removed File! : C:\WINDOWS\iphp.exe
Removed File! : C:\WINDOWS\ipnn.exe
Removed File! : C:\WINDOWS\ipod32.exe
Removed File! : C:\WINDOWS\ipoq32.exe
Removed File! : C:\WINDOWS\ipvq.exe
Removed File! : C:\WINDOWS\javaic.exe
Removed File! : C:\WINDOWS\javaja32.exe
Removed File! : C:\WINDOWS\javata32.exe
Removed File! : C:\WINDOWS\javawa.exe
Removed File! : C:\WINDOWS\javayq32.exe
Removed File! : C:\WINDOWS\jetnk.dll
Removed File! : C:\WINDOWS\jlqnm.txt
Removed File! : C:\WINDOWS\jmscf.dll
Removed File! : C:\WINDOWS\jtfga.dat
Removed File! : C:\WINDOWS\kletw.txt
Removed File! : C:\WINDOWS\knzdb.dll
Removed File! : C:\WINDOWS\kqgvs.dat
Removed File! : C:\WINDOWS\kvdtx.dll
Removed File! : C:\WINDOWS\kwyhv.dll
Removed File! : C:\WINDOWS\kycfg.dll
Removed File! : C:\WINDOWS\lkerg.log
Removed File! : C:\WINDOWS\mfcxf.exe
Removed File! : C:\WINDOWS\msel.exe
Removed File! : C:\WINDOWS\msik.exe
Removed File! : C:\WINDOWS\msqh.exe
Removed File! : C:\WINDOWS\mvqrp.log
Removed File! : C:\WINDOWS\netbe.exe
Removed File! : C:\WINDOWS\netdl.exe
Removed File! : C:\WINDOWS\netkw32.exe
Removed File! : C:\WINDOWS\netlf.exe
Removed File! : C:\WINDOWS\netqz32.exe
Removed File! : C:\WINDOWS\netrj.exe
Removed File! : C:\WINDOWS\netsl32.exe
Removed File! : C:\WINDOWS\netts.exe
Removed File! : C:\WINDOWS\netxp.exe
Removed File! : C:\WINDOWS\nter32.exe
Removed File! : C:\WINDOWS\ntgf32.exe
Removed File! : C:\WINDOWS\ntgv.exe
Removed File! : C:\WINDOWS\nthe32.exe
Removed File! : C:\WINDOWS\ntif.exe
Removed File! : C:\WINDOWS\ntkl32.exe
Removed File! : C:\WINDOWS\ntvj32.exe
Removed File! : C:\WINDOWS\n_mtjpcs.txt
Removed File! : C:\WINDOWS\oxvxm.dll
Removed File! : C:\WINDOWS\oyisx.txt
Removed File! : C:\WINDOWS\pezpf.log
Removed File! : C:\WINDOWS\raozp.dll
Removed File! : C:\WINDOWS\rhneq.dll
Removed File! : C:\WINDOWS\rrqeb.dll
Removed File! : C:\WINDOWS\sdkcy.exe
Removed File! : C:\WINDOWS\siznc.dat
Removed File! : C:\WINDOWS\sjngy.dll
Removed File! : C:\WINDOWS\syspw32.exe
Removed File! : C:\WINDOWS\sysqr32.exe
Removed File! : C:\WINDOWS\tfgaj.dll
Removed File! : C:\WINDOWS\tsqbc.dat
Removed File! : C:\WINDOWS\txgna.dll
Removed File! : C:\WINDOWS\ujkml.log
Removed File! : C:\WINDOWS\ujnrj.dat
Removed File! : C:\WINDOWS\umjfa.dat
Removed File! : C:\WINDOWS\winpn32.dll
Removed File! : C:\WINDOWS\wintv32.dll
Removed File! : C:\WINDOWS\wvlzt.log
Removed File! : C:\WINDOWS\xonvz.log
Removed File! : C:\WINDOWS\yhsts.txt
Removed File! : C:\WINDOWS\ymuen.log
Removed File! : C:\WINDOWS\zvlhs.log
Removed File! : C:\WINDOWS\zvsnn.dat
Removed File! : C:\WINDOWS\system32\addec32.exe
Removed File! : C:\WINDOWS\system32\addeu.exe
Removed File! : C:\WINDOWS\system32\addsr32.exe
Removed File! : C:\WINDOWS\system32\addvc.exe
Removed File! : C:\WINDOWS\system32\addxr32.exe
Removed File! : C:\WINDOWS\system32\addym32.exe
Removed File! : C:\WINDOWS\system32\apicp.exe
Removed File! : C:\WINDOWS\system32\apiie32.exe
Removed File! : C:\WINDOWS\system32\apiwu32.exe
Removed File! : C:\WINDOWS\system32\apixb.dll
Removed File! : C:\WINDOWS\system32\appbh32.exe
Removed File! : C:\WINDOWS\system32\appdc.exe
Removed File! : C:\WINDOWS\system32\appid.exe
Removed File! : C:\WINDOWS\system32\appmi32.exe
Removed File! : C:\WINDOWS\system32\apprx.dll
Removed File! : C:\WINDOWS\system32\appsu.dll
Removed File! : C:\WINDOWS\system32\appwh.exe
Removed File! : C:\WINDOWS\system32\atlep32.exe
Removed File! : C:\WINDOWS\system32\atlis32.exe
Removed File! : C:\WINDOWS\system32\atlmc.exe
Removed File! : C:\WINDOWS\system32\atlrp.exe
Removed File! : C:\WINDOWS\system32\atlry32.dll
Removed File! : C:\WINDOWS\system32\atlvr.exe
Removed File! : C:\WINDOWS\system32\atlwh.exe
Removed File! : C:\WINDOWS\system32\crbw.exe
Removed File! : C:\WINDOWS\system32\crcl.exe
Removed File! : C:\WINDOWS\system32\crdc.exe
Removed File! : C:\WINDOWS\system32\cris.exe
Removed File! : C:\WINDOWS\system32\crlh32.exe
Removed File! : C:\WINDOWS\system32\croo32.dll
Removed File! : C:\WINDOWS\system32\crui.exe
Removed File! : C:\WINDOWS\system32\crxz32.exe
Removed File! : C:\WINDOWS\system32\d3cm32.exe
Removed File! : C:\WINDOWS\system32\d3dp32.exe
Removed File! : C:\WINDOWS\system32\d3ft32.exe
Removed File! : C:\WINDOWS\system32\d3il32.exe
Removed File! : C:\WINDOWS\system32\d3kw32.exe
Removed File! : C:\WINDOWS\system32\d3mt.exe
Removed File! : C:\WINDOWS\system32\d3py32.exe
Removed File! : C:\WINDOWS\system32\d3rc.exe
Removed File! : C:\WINDOWS\system32\d3re32.exe
Removed File! : C:\WINDOWS\system32\dmlqz.log
Removed File! : C:\WINDOWS\system32\dplbt.txt
Removed File! : C:\WINDOWS\system32\fpjtn.dat
Removed File! : C:\WINDOWS\system32\gooqq.log
Removed File! : C:\WINDOWS\system32\gwvfw.txt
Removed File! : C:\WINDOWS\system32\iebt.exe
Removed File! : C:\WINDOWS\system32\iega.exe
Removed File! : C:\WINDOWS\system32\iekh.dll
Removed File! : C:\WINDOWS\system32\ierf.exe
Removed File! : C:\WINDOWS\system32\ipas.exe
Removed File! : C:\WINDOWS\system32\ipbj.exe
Removed File! : C:\WINDOWS\system32\ipfa.dll
Removed File! : C:\WINDOWS\system32\ipfu32.exe
Removed File! : C:\WINDOWS\system32\ipgu.exe
Removed File! : C:\WINDOWS\system32\ipkn.exe
Removed File! : C:\WINDOWS\system32\ipnv.exe
Removed File! : C:\WINDOWS\system32\ipth32.exe
Removed File! : C:\WINDOWS\system32\ipyp32.dll
Removed File! : C:\WINDOWS\system32\ipza.exe
Removed File! : C:\WINDOWS\system32\ivzcx.dat
Removed File! : C:\WINDOWS\system32\iyeuh.txt
Removed File! : C:\WINDOWS\system32\javacq.dll
Removed File! : C:\WINDOWS\system32\javalj.exe
Removed File! : C:\WINDOWS\system32\javayd.dll
Removed File! : C:\WINDOWS\system32\jofok.txt
Removed File! : C:\WINDOWS\system32\jyvzk.dll
Removed File! : C:\WINDOWS\system32\locnl.dat
Removed File! : C:\WINDOWS\system32\mfcbn.exe
Removed File! : C:\WINDOWS\system32\mfcby.exe
Removed File! : C:\WINDOWS\system32\mfcdl32.dll
Removed File! : C:\WINDOWS\system32\mfckl32.exe
Removed File! : C:\WINDOWS\system32\mfcof32.exe
Removed File! : C:\WINDOWS\system32\mfcqr32.exe
Removed File! : C:\WINDOWS\system32\mfctk32.dll
Removed File! : C:\WINDOWS\system32\mfcuc32.dll
Removed File! : C:\WINDOWS\system32\mfcvw.exe
Removed File! : C:\WINDOWS\system32\mfcxg.dll
Removed File! : C:\WINDOWS\system32\mfcxj32.exe
Removed File! : C:\WINDOWS\system32\msaa.exe
Removed File! : C:\WINDOWS\system32\msao32.exe
Removed File! : C:\WINDOWS\system32\msku.exe
Removed File! : C:\WINDOWS\system32\msnm.exe
Removed File! : C:\WINDOWS\system32\msqu32.exe
Removed File! : C:\WINDOWS\system32\msqw32.exe
Removed File! : C:\WINDOWS\system32\mstb32.exe
Removed File! : C:\WINDOWS\system32\msuh32.exe
Removed File! : C:\WINDOWS\system32\msuj.exe
Removed File! : C:\WINDOWS\system32\mszp.exe
Removed File! : C:\WINDOWS\system32\netbw.dll
Removed File! : C:\WINDOWS\system32\netnp.exe
Removed File! : C:\WINDOWS\system32\netqj32.exe
Removed File! : C:\WINDOWS\system32\nettz32.exe
Removed File! : C:\WINDOWS\system32\netxo32.exe
Removed File! : C:\WINDOWS\system32\nlzoz.dll
Removed File! : C:\WINDOWS\system32\nrqib.dll
Removed File! : C:\WINDOWS\system32\ntaj32.exe
Removed File! : C:\WINDOWS\system32\ntgq32.exe
Removed File! : C:\WINDOWS\system32\ntip.exe
Removed File! : C:\WINDOWS\system32\ntiz.dll
Removed File! : C:\WINDOWS\system32\ntnd32.dll
Removed File! : C:\WINDOWS\system32\ntni32.exe
Removed File! : C:\WINDOWS\system32\ntok32.dll
Removed File! : C:\WINDOWS\system32\ntqf32.exe
Removed File! : C:\WINDOWS\system32\ntqo.exe
Removed File! : C:\WINDOWS\system32\ntrn32.exe
Removed File! : C:\WINDOWS\system32\ntsd32.exe
Removed File! : C:\WINDOWS\system32\ntso32.exe
Removed File! : C:\WINDOWS\system32\ntwe.exe
Removed File! : C:\WINDOWS\system32\ntxa.exe
Removed File! : C:\WINDOWS\system32\ntyh.exe
Removed File! : C:\WINDOWS\system32\oospg.dll
Removed File! : C:\WINDOWS\system32\orylk.log
Removed File! : C:\WINDOWS\system32\ovrvb.dll
Removed File! : C:\WINDOWS\system32\pxits.dll
Removed File! : C:\WINDOWS\system32\qyveb.dll
Removed File! : C:\WINDOWS\system32\ractg.dll
Removed File! : C:\WINDOWS\system32\sdkej.exe
Removed File! : C:\WINDOWS\system32\sdkfz.exe
Removed File! : C:\WINDOWS\system32\sdkhl32.exe
Removed File! : C:\WINDOWS\system32\sdkic.exe
Removed File! : C:\WINDOWS\system32\sdkic32.exe
Removed File! : C:\WINDOWS\system32\sdkkt.exe
Removed File! : C:\WINDOWS\system32\sdksp.exe
Removed File! : C:\WINDOWS\system32\sdkwl.exe
Removed File! : C:\WINDOWS\system32\slise.log
Removed File! : C:\WINDOWS\system32\sract.txt
Removed File! : C:\WINDOWS\system32\sxegf.dll
Removed File! : C:\WINDOWS\system32\syscw.exe
Removed File! : C:\WINDOWS\system32\sysfl.exe
Removed File! : C:\WINDOWS\system32\syslq32.exe
Removed File! : C:\WINDOWS\system32\sysnn.exe
Removed File! : C:\WINDOWS\system32\syswp.dll
Removed File! : C:\WINDOWS\system32\tjert.log
Removed File! : C:\WINDOWS\system32\txvqc.dll
Removed File! : C:\WINDOWS\system32\wincl32.exe
Removed File! : C:\WINDOWS\system32\winfj32.exe
Removed File! : C:\WINDOWS\system32\wingh.exe
Removed File! : C:\WINDOWS\system32\winhh.exe
Removed File! : C:\WINDOWS\system32\winuw32.dll
Removed File! : C:\WINDOWS\system32\winvr32.exe
Removed File! : C:\WINDOWS\system32\winxc32.exe
Removed File! : C:\WINDOWS\system32\winxi.dll
Removed File! : C:\WINDOWS\system32\wnsem.txt
Removed File! : C:\WINDOWS\system32\yknuq.txt
Removed File! : C:\WINDOWS\system32\zpvkv.dat
Removed File! : C:\WINDOWS\system32\zscoe.txt
Removed File! : C:\WINDOWS\warnhp.html
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:15:01 AM


and here is the hijack this log after running everything:

Logfile of HijackThis v1.99.1
Scan saved at 7:51:35 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\New Folder\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
OwNt
Posted 03 January 2006 - 11:33 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

You new log looks clean!

Please RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.

You should get a message saying it succeeded.

Reboot and see if the desktop is still white.
  • 0

#8
eugenec
Posted 05 January 2006 - 03:37 PM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
it didn't work...just to give you a better description:

When the computer boots up I see my desktop for like a second then it flashes and becomes white. All my icons have a blue shade like they're selected. Every couple of seconds or so with no apparent pattern/randomly, the screen becomes brighter then duller.

Don't know if this matters but here is my desktop source code from right clicking in the desktop and clicking view source, the name of the window that pops up is C_WINDOWS_Web_desktop[1] - Notepad:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0
background=file:///C:/WINDOWS/Blue%20Lace%2016.bmp topMargin=0
rightMargin=0><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1280px; POSITION: absolute; TOP: 1px; HEIGHT: 769px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:/WINDOWS/Web/desktop.html" frameBorder=0 scrolling=no
subscribed_url="C:\WINDOWS\Web\desktop.html" resizeable="粶킀 젢"> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: -1; LEFT: -1px; VISIBILITY: hidden; WIDTH: 1282px; POSITION: absolute; TOP: 0px; HEIGHT: 771px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>&nbsp;
</BODY></HTML>
  • 0

#9
OwNt
Posted 05 January 2006 - 11:42 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and let me know if the problem persists.
  • 0

#10
eugenec
Posted 06 January 2006 - 04:22 PM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It's still the same. It took a lot longer to come up to the white screen and it did have a blue screen there for a minute, but it came up nonetheless. :tazz:

here is the log:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 01/06/2006
The current time is: 16:50:27.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key

WinHound.com key present!



Running WinHound.com fix!



WinHound.com key was successfully removed! :)

spyaxe uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WinhoundFix © by noahdfear

Winhound directory present

Winhound uninstaller present

Starting Winhound uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Winhound


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

svcp.csv
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 756 'explorer.exe'
Killing PID 756 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)
  • 0

Advertisements

#11
OwNt
Posted 07 January 2006 - 01:10 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

Try running This Fix.

Then under displayer properties, (Right click on the desktop somewhere and hit properties) Under the Themes and Appearance tabs make sure Windows XP is selected under both.

Then delete the following file if it appears:

C:\WINDOWS\warnhp.html

Reboot.

Then right click on an empty spot on your desktop and select properties.

Ensure that Under Themes and Appearance, that Windows XP is still selected.

Let me know if the problem persists.
  • 0

#12
eugenec
Posted 09 January 2006 - 09:03 AM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The theme selected was Windows XP (modified). I did what you mentioned and it worked. The descktop came off. But when I rebooted the desktop reverted back the flashing white and now the theme is Windows XP like it's supposed to be...
  • 0

#13
OwNt
Posted 09 January 2006 - 01:34 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

Is the problem remaining fixed then?
  • 0

#14
eugenec
Posted 11 January 2006 - 10:00 AM

eugenec

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No its not...sorry if I didnt make that clear. When I rebooted, the problem came back. Everything else is fine however. No browser problems, no popups. But the desktop is screwed up.
  • 0

#15
OwNt
Posted 15 January 2006 - 07:09 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello eugenec,

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP