
C:\windows\system32\msblank [RESOLVED]


  • This topic is locked

#1
Den-Jes

Den-Jes

    New Member

  • Member
  • Pip
  • 7 posts
The problems started when I upgraded Norton AntiVirus from 2005 to 2006. Now I can't control what homepage I want and the system runs very slow, or won't even open a webpage. I did all the steps and these are the remaining problems. This is my HijackThis file I just ran:
Logfile of HijackThis v1.99.1
Scan saved at 7:40:44 PM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\WINDOWS\system32\popcorn72.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\KP85SPUD\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [systemdll] BoundRec.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4C1B77-201A-4C6C-BF3F-137DF703672E}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EF073E-BDC6-448C-9BB2-29232FCBFB35}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{E278A10B-6495-43EB-824E-388BBD21A90D}: NameServer = 85.255.113.142,85.255.112.119
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

:tazz:
  • 0


#2
therock247uk

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Being helped in chat.
  • 0

#3
Den-Jes

Den-Jes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:12:10 AM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\STG3GNS7\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [systemdll] BoundRec.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4C1B77-201A-4C6C-BF3F-137DF703672E}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EF073E-BDC6-448C-9BB2-29232FCBFB35}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{E278A10B-6495-43EB-824E-388BBD21A90D}: NameServer = 85.255.113.142,85.255.112.119
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#4
therock247uk

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Move HijackThis to a real folder, i.e. c:\hjt, so backups can be made.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from:
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4C1B77-201A-4C6C-BF3F-137DF703672E}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EF073E-BDC6-448C-9BB2-29232FCBFB35}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{E278A10B-6495-43EB-824E-388BBD21A90D}: NameServer = 85.255.113.142,85.255.112.119


Click FIX CHECKED. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.
  • 0
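
The check behind the O17 step above, as an added example that is not part of the original thread: it parses O17 NameServer entries out of HijackThis logs (including logs pasted with hard line wraps), flags resolvers outside an expected list, and compares a before and after log. The "before" lines are taken from the log in this thread; the "after" log and the expected resolver 192.0.2.53 (a documentation-range address) are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Prefix of a HijackThis result line, e.g. "R3 - ", "O4 - ", "O17 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# O17 line as it appears in this thread: "<registry key>: <setting> = <value>".
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# O17 lines copied from the first log in this thread.
BEFORE_LOG = r"""
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4C1B77-201A-4C6C-BF3F-137DF703672E}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EF073E-BDC6-448C-9BB2-29232FCBFB35}: NameServer = 85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{E278A10B-6495-43EB-824E-388BBD21A90D}: NameServer = 85.255.113.142,85.255.112.119
"""

# Constructed "after" log: one entry still present and hard-wrapped the way a
# pasted log can be, one interface now on the expected resolver, one gone.
AFTER_LOG = r"""
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A4C1B77-201A-4C6C-BF3F-137DF703672E}: NameServer =

85.255.113.142,85.255.112.119
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EF073E-BDC6-448C-9BB2-29232FCBFB35}: NameServer = 192.0.2.53
"""

EXPECTED_RESOLVERS = ["192.0.2.53"]  # assumption: resolvers the admin configured


def unwrap(log_text):
    """Drop blank lines and rejoin result lines that were wrapped on paste."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A non-entry line directly after an entry line is its continuation.
        if out and ENTRY_RE.match(out[-1]) and not ENTRY_RE.match(line):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def parse_o17_nameservers(log_text):
    """Return {interface GUID or key: [server, ...]} for O17 NameServer lines."""
    found = {}
    for line in unwrap(log_text):
        m = O17_RE.match(line)
        if not m or m.group("name").lower() != "nameserver":
            continue
        guid = GUID_RE.search(m.group("key"))
        iface = guid.group(0).upper() if guid else m.group("key")
        # The registry value may be comma- or space-separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("value")) if s]
        found.setdefault(iface, []).extend(servers)
    return found


def unexpected(nameservers, expected):
    """List (interface, server) pairs whose server is not an expected resolver."""
    allowed = {ip_address(a) for a in expected}
    hits = []
    for iface, servers in sorted(nameservers.items()):
        for server in servers:
            try:
                ok = ip_address(server) in allowed
            except ValueError:
                ok = False  # not an IP literal: surface it for manual review
            if not ok:
                hits.append((iface, server))
    return hits


def remediation_status(before_log, after_log, expected):
    """Compare two logs: which flagged interfaces were cleared, which remain."""
    before = {i for i, _ in unexpected(parse_o17_nameservers(before_log), expected)}
    after = {i for i, _ in unexpected(parse_o17_nameservers(after_log), expected)}
    return {"cleared": sorted(before - after), "remaining": sorted(after)}


if __name__ == "__main__":
    for iface, server in unexpected(parse_o17_nameservers(BEFORE_LOG), EXPECTED_RESOLVERS):
        print("unexpected resolver", server, "on", iface)
    print(remediation_status(BEFORE_LOG, AFTER_LOG, EXPECTED_RESOLVERS))
```
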

#5
Den-Jes

Den-Jes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\hxsmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSWCV.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

Logfile of HijackThis v1.99.1
Scan saved at 7:04:19 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [systemdll] BoundRec.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc.

- C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program

Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program Files\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\Security

Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development

Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation -

C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development

Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Can you please post a new log without wordwrap on (it makes all those spaces and makes it hard to read).

#7
Den-Jes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry, I'm new at this.
Logfile of HijackThis v1.99.1
Scan saved at 7:04:19 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [systemdll] BoundRec.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\hxsmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSWCV.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

#8
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post the report ewido made and a new HijackThis log here in a reply.

#9
Den-Jes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:05:02 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [systemdll] BoundRec.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:58:59 PM, 1/3/2006
+ Report-Checksum: 5AA898C7

+ Scan result:

C:\My Documents\Noadware backup\noadware backup 1.zip/dennis [email protected][2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\My Documents\Noadware backup\noadware backup 1.zip/dennis lis@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\My Documents\Noadware backup\noadware backup.zip/dennis [email protected][2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\My Documents\Noadware backup\noadware backup.zip/dennis lis@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Recycled\Dc3.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\Recycled\Dc4.exe -> Downloader.Small.awa : Cleaned with backup
C:\Recycled\Dc6.dat -> Downloader.Small.awa : Cleaned with backup
C:\Recycled\Dc7.dat -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\WINDOWS\system32\cswcv.exe -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
C:\WINDOWS\system32\sphlp32.exe -> Spyware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\pppcgm.exe -> Spyware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\filesafer23.exe -> Hijacker.Small : Cleaned with backup
C:\Documents and Settings\new\My Documents\Noadware backup\noadware backup.zip/dennis [email protected][2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\new\My Documents\Noadware backup\noadware backup.zip/dennis lis@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\new\My Documents\Noadware backup\noadware backup 1.zip/dennis [email protected][2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\new\My Documents\Noadware backup\noadware backup 1.zip/dennis lis@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\new\Cookies\[email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\new\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\new\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP134\A0065185.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP134\A0065191.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0065504.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0065511.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0066487.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0066491.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0067488.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0067492.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0068488.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0068492.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0069488.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0069491.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0070488.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0070491.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0071488.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP136\A0071491.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP137\A0072495.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP137\A0072498.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP137\A0073486.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP137\A0073493.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP139\A0074486.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP139\A0074493.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP139\A0075487.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP139\A0075491.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0075506.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0075514.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076506.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076513.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076519.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076526.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076532.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076539.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076550.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0076555.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0077552.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0077555.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078551.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078555.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078565.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078572.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078578.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0078585.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079578.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079584.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079597.exe -> Downloader.Agent.sy : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079599.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079606.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079612.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079620.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079625.EXE -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079631.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079638.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079644.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079655.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079663.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079670.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079677.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079685.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079693.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079702.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0079709.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0080703.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0080708.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0081702.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0081707.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0082702.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0082710.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0082720.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0082723.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0083718.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP140\A0083726.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0088036.exe -> Trojan.Favadd.an : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0083818.exe -> Downloader.Agent.sy : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0088037.exe -> Trojan.Qhost.df : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0084721.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0084724.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0088038.exe -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085718.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085723.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085728.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085736.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085738.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085743.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085842.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085849.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085852.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085858.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085866.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085874.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085876.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085884.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085886.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085893.exe -> Trojan.DNSChanger.aw : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085896.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085905.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085929.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085938.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0085947.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0086947.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0086950.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0087004.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0088004.exe -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{D3B0857C-5484-4B91-896F-F8BE14D92862}\RP141\A0088013.exe -> Downloader.Small : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup


::Report End

#10
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

#11
Den-Jes

  • Topic Starter
  • Member
  • 7 posts
********
8:48 PM: | Start of Session, Wednesday, January 04, 2006 |
8:48 PM: Spy Sweeper started
8:48 PM: Sweep initiated using definitions version 596
8:48 PM: Starting Memory Sweep
8:54 PM: Found Adware: cws_ns3
8:54 PM: Detected running threat: C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe (ID = 8)
8:56 PM: Memory Sweep Complete, Elapsed Time: 00:07:10
8:56 PM: Starting Registry Sweep
8:56 PM: Found Adware: elitebar
8:56 PM: HKLM\software\microsoft\code store database\distribution units\v3cab\ (8 subtraces) (ID = 125742)
8:56 PM: Found Trojan Horse: vesbiz downloader
8:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || controlpanel (ID = 145540)
8:56 PM: Found Adware: searchtoolbar
8:56 PM: HKU\S-1-5-21-776561741-1580436667-1343024091-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
8:56 PM: Found Adware: quicklink search toolbar
8:56 PM: HKU\S-1-5-21-776561741-1580436667-1343024091-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
8:56 PM: Found Trojan Horse: trojan-downloader-wareout
8:56 PM: HKU\S-1-5-21-776561741-1580436667-1343024091-1003\software\microsoft\windows\currentversion\run\ || systemdll (ID = 144857)
8:56 PM: Registry Sweep Complete, Elapsed Time:00:00:29
8:56 PM: Starting Cookie Sweep
8:56 PM: Found Spy Cookie: enhance cookie
8:56 PM: [email protected][1].txt (ID = 2614)
8:56 PM: Found Spy Cookie: search123 cookie
8:56 PM: new@search123[2].txt (ID = 3305)
8:56 PM: Found Spy Cookie: go.com cookie
8:56 PM: [email protected][1].txt (ID = 2729)
8:56 PM: new@go[2].txt (ID = 2728)
8:56 PM: [email protected][2].txt (ID = 2729)
8:56 PM: Found Spy Cookie: nextag cookie
8:56 PM: new@nextag[2].txt (ID = 5014)
8:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:56 PM: Starting File Sweep
8:56 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
8:56 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
9:06 PM: Warning: Failed to open file "c:\program files\norton antivirus\savrt\0814nav~.tmp". The process cannot access the file because it is being used by another process
9:08 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcsys.dll". The process cannot access the file because it is being used by another process
9:08 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
9:12 PM: Found Adware: commonname
9:12 PM: rmcomtb.dat (ID = 111038)
9:15 PM: Found Adware: idesk
9:15 PM: dc38.sys (ID = 205674)
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:19 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb28bff05-c4d4-490f-83e3-62b64b2425c1.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6dd669ea-48d2-4257-82e5-fdf776531dbd.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8c9b726-8f61-43c2-b72a-53436bea38bf.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3bdfecc0-e4f4-4a01-a057-fd7915b83cf6.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4b509aa4-27c3-4c40-8f95-355681daf2dd.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsca80ca41-b19b-404d-9ffa-41c5f685bff1.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs43cd9fc4-5140-4716-9283-97d4c37c2bd0.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc23fc10c-c91a-406d-970a-2189d947f4e9.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b2428b2-26bf-490a-9b98-25257b664f85.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8b803b99-5aed-4217-9706-befcaaa4b265.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2bd11af-740f-4170-aa08-fd6f373168e2.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6eefe5f7-5a2a-425a-91f8-7385e452c886.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1a89c5e-95d8-4b8e-924c-c9749bcec933.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4fe84db9-e8e6-4524-86b4-e72dc9e198a8.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc06a790d-9281-4b1e-ba55-6ffc678c518e.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsad3bd917-29fe-49ee-81dc-7af0c4a32d96.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5da180cf-c1d5-4f4f-b311-4ca7b107c8e6.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5806ea66-bf42-430e-831c-51d47eb54e04.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6f5bdfdb-f95d-45ca-b2a7-f920a3573f39.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdde3f544-099f-43ed-811f-206b6d6de55c.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1d1028a-0a9a-4006-8656-3c18c9bddd11.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7acee348-fe74-4b4f-b638-6569bb23f156.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscbef2ea4-72d5-4b01-9dd5-515e40467842.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a94dae6-4020-414f-b612-002faa2c0c2b.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4194f012-1f26-49e8-9b22-eef30fa8cdd9.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs37b89f68-336e-4177-b9b6-939f30b3e538.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs06c21392-7b29-4d97-a95f-e267670afa56.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ddb94cc-1d3e-4ea5-8d6b-c9eb3e12c88c.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs20367081-2dae-4637-9f57-3ec96b84c404.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs92847dab-2c03-41be-b2c6-f3a2dcc2dbd7.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs83bf0b80-c4a4-4ebf-85d7-04c73f7262a7.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5fb63fe6-093d-4000-ad0d-24513766f98e.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc7afb59d-2a5c-4596-8465-a67a97b5cdf8.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs65238b15-90cc-4f9c-b95a-83cbac68dc11.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa7b560f0-396a-451a-a3b9-2e679a821ba1.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b46cbaa-f098-4122-afa4-7488653be80a.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse879669f-a0cb-41eb-834e-28a9fd9ebcba.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbee4a142-91a0-4842-a3e0-ac20fde024c0.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ad67e12-166f-44ef-89b3-85b03572c963.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs601e533c-c6bf-42f9-98c9-cbf0e180cd68.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1839a49c-042f-458e-8ccb-e9106c5c1c9d.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs24a8d35f-5ad3-43dd-a14a-44cbf1e4d78c.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d885647-4091-4e84-8a12-bb11cad0b257.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c992297-b69f-4b2e-a853-678b3c8cd9f1.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7aedcb5b-ba4e-4576-80cc-790b10bb8234.tmp". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\new\ntuser.dat". The process cannot access the file because it is being used by another process
9:35 PM: Warning: Failed to open file "c:\documents and settings\new\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\new\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\new\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:40 PM: Found Adware: unspypc
9:40 PM: a0065516.exe (ID = 209376)
9:40 PM: a0065517.exe (ID = 209378)
9:40 PM: a0065519.exe (ID = 209375)
9:41 PM: Found Trojan Horse: trojan-downloader-perlink.biz
9:41 PM: a0088059.exe (ID = 213450)
9:41 PM: Found Trojan Horse: trojan-downloader-ruin
9:41 PM: a0088060.exe (ID = 203528)
9:41 PM: a0088061.exe (ID = 209383)
9:41 PM: Found Trojan Horse: trojan-secdrop
9:41 PM: a0088062.exe (ID = 81237)
9:41 PM: a0088063.exe (ID = 125496)
9:41 PM: a0088064.exe (ID = 209443)
9:43 PM: Warning: Unhandled Archive Type
9:43 PM: Warning: Invalid Stream
9:43 PM: Warning: Invalid Stream
9:44 PM: File Sweep Complete, Elapsed Time: 00:48:01
9:44 PM: Full Sweep has completed. Elapsed time 00:55:45
9:44 PM: Traces Found: 31
9:45 PM: Removal process initiated
9:45 PM: Quarantining All Traces: cws_ns3
9:45 PM: Quarantining All Traces: elitebar
9:45 PM: Quarantining All Traces: trojan-downloader-ruin
9:45 PM: Quarantining All Traces: commonname
9:45 PM: Quarantining All Traces: trojan-downloader-perlink.biz
9:45 PM: Quarantining All Traces: trojan-downloader-wareout
9:45 PM: Quarantining All Traces: trojan-secdrop
9:45 PM: Quarantining All Traces: vesbiz downloader
9:45 PM: Quarantining All Traces: idesk
9:45 PM: Quarantining All Traces: quicklink search toolbar
9:45 PM: Quarantining All Traces: searchtoolbar
9:45 PM: Quarantining All Traces: unspypc
9:46 PM: Quarantining All Traces: enhance cookie
9:46 PM: Quarantining All Traces: go.com cookie
9:46 PM: Quarantining All Traces: nextag cookie
9:46 PM: Quarantining All Traces: search123 cookie
9:46 PM: Removal process completed. Elapsed time 00:01:13
********
8:31 PM: | Start of Session, Wednesday, January 04, 2006 |
8:31 PM: Spy Sweeper started
8:47 PM: Your spyware definitions have been updated.
8:47 PM: Your definitions are up to date.
8:48 PM: | End of Session, Wednesday, January 04, 2006 |

#12
therock247uk

Post a new Hijackthis log here in a reply.

#13
Den-Jes

Logfile of HijackThis v1.99.1
Scan saved at 8:22:22 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PurgeIE] "C:\PROGRA~1\PURGEIE\PURGEIE.EXE" BOOT
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = C:\Documents and Settings\new\Local Settings\Temp\ins1.tmp\DLGLI1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#14
therock247uk

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://pchowtos.co.u...tion=view&id=34

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following (if present).

Viewpoint Toolbar
Viewpoint Manager

Also uninstall these, as they are rogue: http://www.spywarewa...nti-spyware.htm

SpyHunter
Spykiller
BestPopupKiller
UnSpyPC

4. While still in safe mode, open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"

5. Delete the folders (if present).

C:\Program Files\Viewpoint
C:\Program Files\Enigma Software Group
C:\Program Files\SpyKiller
C:\Program Files\BestPopUpKiller\
C:\Program Files\UnSpyPC

6. Delete the files (if present).

These files might be found in either C:\, C:\Windows or C:\Windows\System32. If found, delete.

br0ken.exe
ERTYDF.exe
driver64.exe
wormexe.exe

7. Reboot and post a new Hijackthis log here in a reply.
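A triage pass over the HijackThis log from post #13, as an added example that is not part of the original thread: it lists O4 autorun entries whose launch target has no directory component, checks each against the log's running-process list, and collects "(file missing)" entries. The bare-filename heuristic and the names `triage` and `launch_target` are assumptions of this sketch; the sample lines are a subset copied from post #13.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log in post #13.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\WDBtnMgr.exe
R3 - URLSearchHook: (no name) - {D5882AF9-E5FB-CA69-D979-6386829CA867} - LOPTCON.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SpyElim] br0ken.exe
O4 - HKLM\..\Run: [newbreed] ERTYDF.exe
O4 - HKCU\..\Run: [progmen] driver64.exe
O4 - HKCU\..\Run: [TorontoMail] wormexe.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
"""

# O4 registry autorun line: hive, key, value name in brackets, then the command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# A "Running processes" line is just a full path ending in .exe.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Unquoted command: shortest prefix ending in an executable extension, then args.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.IGNORECASE)


def launch_target(cmd):
    """Return the file an autorun command actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        m = EXE_RE.match(cmd)
        exe, rest = (m.group(1), m.group(2) or "") if m else (cmd.split()[0], "")
    # For rundll32 the interesting file is the DLL before the comma.
    if ntpath.basename(exe).lower() == "rundll32.exe" and rest.strip():
        return rest.split(",")[0].strip().strip('"')
    return exe


def triage(log_text):
    """Collect bare-filename autoruns and missing-file entries for review."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    running = {ntpath.basename(ln).lower(): ln for ln in lines if PROC_RE.match(ln)}
    bare, missing = [], []
    for ln in lines:
        if ln.endswith("(file missing)"):
            missing.append(ln)
        m = RUN_RE.match(ln)
        if not m:
            continue
        target = launch_target(m.group("cmd"))
        if not ntpath.dirname(target):
            # Third field: full path if a process with that name is running.
            bare.append((m.group("name"), target, running.get(target.lower())))
    return {"bare": bare, "missing": missing}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, target, path in result["bare"]:
        print(f"[{name}] {target} -> {path or 'no matching running process'}")
    for ln in result["missing"]:
        print("missing:", ln)
```

On the sample, the bare-name entries with no matching running process include `nwiz.exe`, which is not on the fix list in post #14, so the output is a review queue rather than a verdict.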

#15
therock247uk

User got helped at my site since they could not connect to geekstogo for some reason...