dr watson debugger


  • This topic is locked

#1
mr joshua

  • Member
  • 17 posts
I have the following errors that come up when I try to open anything, i.e. Control Panel, My Computer and so on.

p1:drwtsn32.exe p2:51.2600.o p3:sb7d84a2 p4:dbghelp.dll p5:5.1.2600.2180

p6:4110969a p7:0001295d p8:coooo409 p9:00000000

I have no clue what to do. Wondering if anyone does? Please help me out.
thank you
josh

my hijack this log
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\appwt32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ntgw.exe
C:\WINNT\System32\tibs3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GDM3WDUR\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\qrgnu.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6CF3D29-5AC2-AA1C-52D4-DBFA09FC7592} - C:\WINNT\system32\winxc32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ntgw.exe] C:\WINNT\system32\ntgw.exe
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crqx.exe] C:\WINNT\system32\crqx.exe
O4 - HKLM\..\RunOnce: [ntap32.exe] C:\WINNT\system32\ntap32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)
O19 - User stylesheet: C:\WINNT\default.css (file missing) (HKLM)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\appwt32.exe

thank you
  • 0



#2
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi Mr. Joshua. Welcome to GTG. :tazz:

Have you checked out the Hijack This recommendations in the Malware section?

Please check there or in my signature under Hijack This. After you complete that, post another log.
  • 0

#3
mr joshua

  • Topic Starter
  • Member
  • 17 posts
hello,
is this what you are talking about??
thank you again.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\appwt32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ntgw.exe
C:\WINNT\System32\tibs3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ntap32.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8PEZCH2B\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\fwmnc.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6CF3D29-5AC2-AA1C-52D4-DBFA09FC7592} - C:\WINNT\system32\winxc32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ntgw.exe] C:\WINNT\system32\ntgw.exe
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crqx.exe] C:\WINNT\system32\crqx.exe
O4 - HKLM\..\RunOnce: [ntap32.exe] C:\WINNT\system32\ntap32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)
O19 - User stylesheet: C:\WINNT\default.css (file missing) (HKLM)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\appwt32.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINNT\system32\ntap32.exe
  • 0

#4
mr joshua

  • Topic Starter
  • Member
  • 17 posts
Hi, I was wondering if you found anything out?

thank you
  • 0

#5
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
  • Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  • Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
  • Prepare cwsserviceremove.reg for use:
    • Download cwsserviceremove.zip.
    • Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.
    • Please do not do anything with it yet.
  • Reconfigure Windows XP to show hidden files:
    • Click Start. Open My Computer.
    • Select the Tools menu and click Folder Options. Select the View Tab.
    • Under the Hidden files and folders heading select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Uncheck the "Hide file extensions for known file types" option.
    • Click Yes to confirm. Click OK.
  • Boot into Safe Mode:
    • Restart your computer and immediately begin tapping the F8 key on your keyboard.
    • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
    • To return to normal mode just restart your computer as you normally would.
  • Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".
  • Remove the offending service:
    • Double-click on cwsserviceremove.reg you downloaded earlier.
    • When it asks you to merge the information to the registry click "Yes".
  • Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click OK at the directions prompt.
    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shut down explorer.exe.
    • It will begin to scan your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I need a copy of it.
  • Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.
  • Restart your computer normally to return to normal mode.
  • Free TrendMicro Housecall scan:
    • Visit the TrendMicro Housecall website.
    • Select your country from the drop-down list and click "Go".
    • Choose "Yes" at the ActiveX Security Warning prompt.
    • Please wait while the Housecall engine is updated.
    • Select the drives to be scanned by placing a check in their respective boxes.
    • Check the "Auto Clean" box.
    • Click "SCAN" in order to begin scanning your system.
    • Please be patient while Housecall scans your system for malicious files.
    • If not auto-cleaned, remove anything it finds.
    • Click "Close" to exit the Housecall scanner.
    • Choose "Yes" at the HouseCall message prompt.
  • Prepare your reply:
    • Please post a fresh HijackThis log
    • Please post the AboutBuster log.
    • Please note any complications you had.

  • 0

#6
mr joshua

  • Topic Starter
  • Member
  • 17 posts
Hello.
Have the files downloaded, but I can't open the folders to unzip them?
Any suggestions?
thank you
  • 0

#7
mr joshua

  • Topic Starter
  • Member
  • 17 posts
hello here is my new hijack log and about buster log


Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 PM, on 2/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\ntgw.exe
C:\WINNT\System32\tibs3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\iccsigs.dat:tzcus
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\52CFN90L\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6CF3D29-5AC2-AA1C-52D4-DBFA09FC7592} - C:\WINNT\system32\winxc32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ntgw.exe] C:\WINNT\system32\ntgw.exe
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crqx.exe] C:\WINNT\system32\crqx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINNT\iccsigs.dat:tzcus.exe (file missing)

Scanned at: 10:13:56 PM on: 2/17/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\system32\itmcf.dat
Removed! : C:\WINNT\system32\javagr32.exe
Removed! : C:\WINNT\system32\javaow.exe
Removed! : C:\WINNT\system32\javapv32.exe
Removed! : C:\WINNT\system32\javasl.exe
Removed! : C:\WINNT\system32\jcwyu.dat
Removed! : C:\WINNT\system32\jlpmv.dll
Removed! : C:\WINNT\system32\jqgsa.dat
Removed! : C:\WINNT\system32\jxhkc.dll
Removed! : C:\WINNT\system32\kamcm.dat
Removed! : C:\WINNT\system32\kbldc.dll
Removed! : C:\WINNT\system32\kfthp.dat
Removed! : C:\WINNT\system32\kqhmf.dat
Removed! : C:\WINNT\system32\ksvwm.dll
Removed! : C:\WINNT\system32\ktsxc.dat
Removed! : C:\WINNT\system32\kvzlp.dat
Removed! : C:\WINNT\system32\kydhd.dat
Removed! : C:\WINNT\system32\lashb.dat
Removed! : C:\WINNT\system32\ldgvv.dat
Removed! : C:\WINNT\system32\ljvcb.dat
Removed! : C:\WINNT\system32\lterz.dat
Removed! : C:\WINNT\system32\lzhxh.dat
Removed! : C:\WINNT\system32\mhywp.dat
Removed! : C:\WINNT\system32\nbssj.dll
Removed! : C:\WINNT\system32\ngvcd.dat
Removed! : C:\WINNT\system32\nrygi.dat
Removed! : C:\WINNT\system32\ntap32.exe
Removed! : C:\WINNT\system32\nxdvz.dat
Removed! : C:\WINNT\system32\ouiyz.dat
Removed! : C:\WINNT\system32\oupul.dll
Removed! : C:\WINNT\system32\ozrur.dll
Removed! : C:\WINNT\system32\pcpjs.dat
Removed! : C:\WINNT\system32\pcpjs.dll
Removed! : C:\WINNT\system32\pgtnp.dat
Removed! : C:\WINNT\system32\ppteo.dat
Removed! : C:\WINNT\system32\pxqzx.dat
Removed! : C:\WINNT\system32\qkutt.dat
Removed! : C:\WINNT\system32\qqeae.dat
Removed! : C:\WINNT\system32\rcxyz.dat
Removed! : C:\WINNT\system32\rkpty.dat
Removed! : C:\WINNT\system32\rkrdl.dll
Removed! : C:\WINNT\system32\rlacu.dat
Removed! : C:\WINNT\system32\sdgrq.dat
Removed! : C:\WINNT\system32\sdkbe.exe
Removed! : C:\WINNT\system32\sdkxd.exe
Removed! : C:\WINNT\system32\seiac.dat
Removed! : C:\WINNT\system32\sysxk.exe
Removed! : C:\WINNT\system32\taqfy.dat
Removed! : C:\WINNT\system32\tilsd.dat
Removed! : C:\WINNT\system32\tnqsp.dat
Removed! : C:\WINNT\system32\ujrlp.dll
Removed! : C:\WINNT\system32\uxnaw.dat
Removed! : C:\WINNT\system32\uxnaw.dll
Removed! : C:\WINNT\system32\uzwaw.dll
Removed! : C:\WINNT\system32\vgkzc.dat
Removed! : C:\WINNT\system32\vjepw.dat
Removed! : C:\WINNT\system32\vqfqm.dat
Removed! : C:\WINNT\system32\vuxtf.dat
Removed! : C:\WINNT\system32\wkqwk.dll
Removed! : C:\WINNT\system32\wpigy.dat
Removed! : C:\WINNT\system32\xldsl.dll
Removed! : C:\WINNT\system32\xmyfc.dat
Removed! : C:\WINNT\system32\xpqgh.dll
Removed! : C:\WINNT\system32\xtjea.dat
Removed! : C:\WINNT\system32\xtynh.dll
Removed! : C:\WINNT\system32\xywhv.dat
Removed! : C:\WINNT\system32\xzrzk.dat
Removed! : C:\WINNT\system32\yajzl.dat
Removed! : C:\WINNT\system32\ycbel.dat
Removed! : C:\WINNT\system32\ydech.dat
Removed! : C:\WINNT\system32\yhnyo.dll
Removed! : C:\WINNT\system32\ylabo.dll
Removed! : C:\WINNT\system32\zflbz.dat
Removed! : C:\WINNT\system32\zmlnn.dat
Removed! : C:\WINNT\system32\zphux.dll
Removed! : C:\WINNT\system32\zwfvz.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!




thank you

#8
mr joshua

Also, every time I start up Windows it says I am missing shell.dll. I downloaded it and I am wondering what I have to do to reinstall it?
Thank you

#9
coachwife6

Did you run Hijack This after completing all the steps? If so, please follow the instructions again. The infection is still there. I'll keep an eye on this for you and will do some looking around.

#10
mr joshua

Here are the new logs. Also, when I start up my computer, a message comes up saying I am missing shel.dll. I downloaded it, but I don't know where to install it? Please help. And thank you.
Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 PM, on 2/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\ntgw.exe
C:\WINNT\System32\tibs3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\iccsigs.dat:tzcus
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\52CFN90L\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hwgim.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A6CF3D29-5AC2-AA1C-52D4-DBFA09FC7592} - C:\WINNT\system32\winxc32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ntgw.exe] C:\WINNT\system32\ntgw.exe
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crqx.exe] C:\WINNT\system32\crqx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINNT\iccsigs.dat:tzcus.exe (file missing)


AB LOG

Scanned at: 10:13:56 PM on: 2/17/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bujyx.dat
Removed! : C:\WINNT\bupeh.dll
Error Removing! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!






thank you


#11
mr joshua

Hello..
Any luck?
Also, I am still having trouble with shell.dll?
Thanks

#12
coachwife6

MJ. You will need to run the instructions again. You still have the presence of these entries. Try it again, and see if they are gone. If they aren't, make another post and I will respond right away this time.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hwgim.dll/sp.html#12802



#13
mr joshua

hello


Logfile of HijackThis v1.99.1
Scan saved at 7:40:51 PM, on 2/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\ntgw.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\tibs3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\iccsigs.dat:tzcus
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WBFVMSPX\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\xidjf.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com...ktime/download/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3F3C5B9E-D280-3C2F-F195-E2DB622572FB} - C:\WINNT\atliy32.dll
O2 - BHO: (no name) - {CB818168-3BCD-9A9D-913D-5395B818A142} - C:\WINNT\system32\javamv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [ntgw.exe] C:\WINNT\system32\ntgw.exe
O4 - HKLM\..\Run: [apill32.exe] C:\WINNT\system32\apill32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\System32\tibs3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sysoi32.exe] C:\WINNT\system32\sysoi32.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [crqx.exe] C:\WINNT\system32\crqx.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Owner\Desktop\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINNT\iccsigs.dat:tzcus.exe (file missing)





Scanned at: 10:13:56 PM on: 2/17/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bujyx.dat
Removed! : C:\WINNT\bupeh.dll
Error Removing! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed! : C:\WINNT\bwfikh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!



I will see if it works now, and I will repost if I have any problems.
Thank you

#14
mr joshua

    Member

  • Topic Starter
  • 17 posts
Hello,
Yeah, it still doesn't work. This is frustrating. Could it have anything to do with the "missing shell.dll" error?

Should I just reload Windows? I just dunno.

Thank you

#15
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
No. Don't reload windows. We'll get this. Give me a couple of hours and I'll get back with you. :tazz: