Here's a log file of HijackThis? fixes plz?


  • This topic is locked
35 replies to this topic

#1 Kevin3310

Kevin3310

  • Members
  • 60 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 22 July 2005 - 04:34 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:39:56 PM, on 07/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\kernel33.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system\lsass.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.midnitechallenge.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.midnitechallenge.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\john\LOCALS~1\Temp\2005418144545_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\Run: [[Ephemeral 2.5] by TreeHugger, ] C:\DOCUME~1\john\LOCALS~1\Temp\13.tmp.exe
O4 - HKLM\..\Run: [xfGDfogPg] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [wzservice] hess.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [WindowsPrintServices] task.exe
O4 - HKLM\..\Run: [Windows Update] Update32.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows Startup] svhost33.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\Run: [Windows Media Player] msams.exe
O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe
O4 - HKLM\..\Run: [window2] wintime.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Win32 Network Driver] crss.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Video Process] chragsd.exe
O4 - HKLM\..\Run: [usbdrv] servicetask.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Task Help] wualcts.exe
O4 - HKLM\..\Run: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\Run: [syste.exe] servi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [start uploading] crsss.exe
O4 - HKLM\..\Run: [start extracting] spoolvs.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [serv service] plyer0.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [s3FX3nP] tsbninst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QF6U] C:\WINDOWS\mlrcae.exe
O4 - HKLM\..\Run: [qbgdlh] C:\WINDOWS\System32\ptkjkgd.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\System32\wkwogg.exe
O4 - HKLM\..\Run: [MSWindows SysCl] mscl32.exe
O4 - HKLM\..\Run: [msrepair] msrepair.exe
O4 - HKLM\..\Run: [MSN Update] msn32.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Microsofts Legacy Support] java.exe
O4 - HKLM\..\Run: [Microsoftkeysds] lass32.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] winsup.exe
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [Microsoft Virual Machine] sms.exe
O4 - HKLM\..\Run: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [lexplore] lexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\Run: [Firewall Updater] msnupdateit.exe
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitervk32.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [cvsb] C:\WINDOWS\cvsb.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\lzybpvg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C.exe] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [C] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AITwoLoaderEnvSrvAITwoUpdater] "C:\DOCUME~1\john\LOCALS~1\Temp\~compoundinst0\ai_update_loader.exe"
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [.WMAudio] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [*windows update] wruauclt.exe
O4 - HKLM\..\RunServices: [Win32 Network Driver] crss.exe
O4 - HKLM\..\RunServices: [System32 TCP Manager] systcpm.exe
O4 - HKLM\..\RunServices: [Windows Startup] svhost33.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Kernel33 Bootup] kernel33.exe
O4 - HKLM\..\RunServices: [HP Deskjet 500] HP_DeskJet_500.exe
O4 - HKLM\..\RunServices: [Microsoftkeysds] lass32.exe
O4 - HKLM\..\RunServices: [window2] wintime.exe
O4 - HKLM\..\RunServices: [serv service] plyer0.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\RunServices: [Firewall Updater] msnupdateit.exe
O4 - HKLM\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\Run: [Kernel33 Bootup] kernel33.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msdvdopt] C:\WINDOWS\System32\msdvdopt.exe
O4 - HKCU\..\Run: [Hkpp] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Eaer] C:\Documents and Settings\john\Application Data\uooo.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvs.exe
O4 - HKCU\..\RunOnce: [Kernel33 Bootup] kernel33.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118342271639
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O21 - SSODL: mtklefa - {77F0B5FD-93B3-4ACF-6F9D-DFD5C0B24AAA} - C:\WINDOWS\System32\igsvzd32.dll (file missing)
O23 - Service: Ad-Axis Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe" --debug --noop --service "Ad-Axis Client (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: Task Help (TskHlp) - Unknown owner - C:\WINDOWS\System32\wualcts.exe" -netsvcs (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




thk u very much

Mod Edit - Moved to appropriate forum - Leurgy

Edited by Leurgy, 22 July 2005 - 06:52 AM.




#2 Kevin3310


Posted 23 July 2005 - 12:42 AM

anybody answer plz

#3 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 24 July 2005 - 07:04 AM

Hi Kevin3310 and Welcome to the Bleeping Computer!

That's a mess in there, this will take a few passes to get us headed in the right direction!

Please Download the MWAV Scanner from Here

Unzip it to its predetermined Directory (C:\Kaspersky)

Locate "kavupd.exe" in the New Folder and Double Click to Update!

If it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!

When you see "Updates downloaded Successfully"

Please Press Enter to Continue and Close the Scanner for now!



Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.



Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


From MWAV's (Kaspersky) Folder -> Locate and Double Click mwavscan.com to launch the Scanner -> Leave the "Default Settings ticked" and add a "tick" -> "Drives" -> this will light up "All Drives" -> add a tick to "Scan all Files" -> Click "Scan Clean" to begin!

This Scan will take Several Hours or more to Complete, Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

Once the Scan has finished, All entries Identified as Infected will be displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!

Open a Blank Notepad Page and Paste the results (Ctrl+V) to it!

Post those results back here!



Open Ewido Security Suite -> Scan the entire System -> Clean everything it finds and Be sure to Click the Button to Save a Report!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from MWAV-> Ewido and Panda!

#4 Kevin3310


Posted 25 July 2005 - 03:22 AM

Here's a HijackThis logfile after ur directions

Logfile of HijackThis v1.99.1
Scan saved at 10:21:50 PM, on 07/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.midnitechallenge.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.midnitechallenge.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Windows Startup] svhost33.exe
O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Task Help] wualcts.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [s3FX3nP] tsbninst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msrepair] msrepair.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [MicrosoftUpdates] syshelped.exe
O4 - HKLM\..\Run: [Microsofts Legacy Support] java.exe
O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [lexplore] lexplore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Firewall Updater] msnupdateit.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [C.exe] C:\windows\temp\C.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [*windows update] wruauclt.exe
O4 - HKLM\..\RunServices: [window2] wintime.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118342271639
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O23 - Service: Ad-Axis Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe" --debug --noop --service "Ad-Axis Client (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: Task Help (TskHlp) - Unknown owner - C:\WINDOWS\System32\wualcts.exe" -netsvcs (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Here's a Mwavscan logfile

File C:\WINDOWS\System32\WinStat12.dll tagged as not-a-virus:AdWare.Winsta.a. No Action Taken.
File C:\WINDOWS\SYSTEM32\kernel33.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: File Renamed.
File C:\WINDOWS\a65d.exe tagged as not-a-virus:AdWare.MediaMotor.e. No Action Taken.
File C:\WINDOWS\banner.dll tagged as not-a-virus:AdWare.Banex.a. No Action Taken.
File C:\WINDOWS\dalin.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\lol2.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\msv.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\WINDOWS\rebatez.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\thin-143-1-x-x.exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\WINDOWS\whCC-GIANT.exe tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.
File C:\WINDOWS\System32\dust infected by "Trojan-Downloader.BAT.Ftp.i" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\pww.exe tagged as not-a-virus:PSWTool.Win32.PassView.160. No Action Taken.
File C:\WINDOWS\System32\tadam.pif infected by "Trojan-Downloader.BAT.Ftp.z" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\tmp1.com infected by "Worm.Win32.Wilab.b" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\w32dgb.exe infected by "Trojan-DDoS.Win32.Boxed.x" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\WinStat11.dll tagged as not-a-virus:AdWare.Winsta.a. No Action Taken.
File C:\WINDOWS\System32\WinStat12.dll tagged as not-a-virus:AdWare.Winsta.a. No Action Taken.
File C:\WINDOWS\System32\x.pif infected by "Trojan-Downloader.BAT.Ftp.z" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\xc.bat infected by "Trojan-Downloader.BAT.Ftp.aj" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\y infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.
File C:\bootldr3.exe tagged as not-a-virus:AdWare.WinAD.b. No Action Taken.
File C:\Documents and Settings\All Users\Documents\Counter-Strike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
File C:\Documents and Settings\freeuser.EGG\Local Settings\Temp\uninstall.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.q. No Action Taken.
File C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\lsass.exe infected by "Trojan-DDoS.Win32.Boxed.x" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temp\!update.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temp\adlinstallwin32.exe infected by "Trojan-Downloader.Win32.IstBar.er" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temp\ctxad.exe tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temp\H.exe tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temp\i2F.tmp tagged as not-a-virus:AdWare.SurfSide.j. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temp\icVEuThQ.exe tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.ks" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temp\uninstall.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.q. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\2DIHYDCB\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.ks" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\5X5NEMFU\trk_0029[1].exe tagged as not-a-virus:AdWare.Pacer.e. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\6U339GNB\pcs_0002[1].exe tagged as not-a-virus:AdWare.Pacer.j. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\6U339GNB\TRACK2[1].CHM infected by "Trojan-Downloader.VBS.Psyme.v" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\IJQ3A9UR\pcs_0029[1].exe tagged as not-a-virus:AdWare.Pacer.j. No Action Taken.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\LO51RLTF\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\N3NNNW1T\TRACK29[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\john\My Documents\My Music\New Folder\filez\DivXPro511Adware.exe tagged as not-a-virus:AdWare.Gator.3202. No Action Taken.
File C:\Documents and Settings\john\My Documents\My Music\programs\DivXPro511Adware.exe tagged as not-a-virus:AdWare.Gator.3202. No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9506WBD5\file[2].out infected by "Backdoor.Win32.Agent.en" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9506WBD5\js[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9506WBD5\None[1].exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DHWVG5J7\bleep[1].exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F8DRU4U4\AITwoUpdaterInstaller[1].exe infected by "Trojan-Downloader.Win32.Apropo.y" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\F8DRU4U4\file[1].out infected by "Backdoor.Win32.Agent.en" Virus. Action Taken: File Renamed.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe tagged as not-a-virus:AdWare.DelphinMedia.Viewer.f. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\CCA53E06-C2EB-479D-9408-906160\4B799830-AF5C-4F71-A09E-40ED3C tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe.tmp tagged as not-a-virus:AdWare.Pacer.e. No Action Taken.
File C:\sbc.exe tagged as not-a-virus:AdWare.WinAD.g. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP111\A0079519.exe tagged as not-a-virus:AdWare.Pacer.e. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP114\A0079580.exe infected by "Trojan-Downloader.Win32.Agent.am" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079839.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079840.pif infected by "Trojan-Downloader.BAT.Ftp.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079841.com infected by "Worm.Win32.Wilab.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079842.exe infected by "Trojan-DDoS.Win32.Boxed.x" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079843.pif infected by "Trojan-Downloader.BAT.Ftp.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079844.bat infected by "Trojan-Downloader.BAT.Ftp.aj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP120\A0079845.exe infected by "Trojan-DDoS.Win32.Boxed.x" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP31\A0051580.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP33\A0051909.exe tagged as not-a-virus:AdWare.Pacer.e. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP33\A0052648.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052693.dll tagged as not-a-virus:AdWare.WebSearch.al. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052694.exe tagged as not-a-virus:AdWare.WebSearch.aj. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052695.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052709.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052711.exe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP41\A0052725.exe infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP42\A0052727.exe infected by "Trojan-DDoS.Win32.Boxed.w" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP42\A0052728.exe infected by "Trojan-DDoS.Win32.Boxed.w" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP42\A0052729.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP42\A0052730.exe infected by "Trojan-DDoS.Win32.Boxed.w" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP42\A0052742.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052773.pif infected by "Backdoor.Win32.SdBot.yn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052786.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052787.exe tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052790.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052791.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052793.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0052794.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP45\A0053094.com infected by "Backdoor.Win32.Agent.jn" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053202.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053209.exe infected by "IM-Worm.Win32.Opanki.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053240.exe infected by "IM-Worm.Win32.Opanki.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053243.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053244.exe infected by "Backdoor.Win32.Agent.jn" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP46\A0053245.exe infected by "Backdoor.Win32.SdBot.yn" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP52\A0055414.exe infected by "IM-Worm.Win32.Opanki.b" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP52\A0055417.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP59\A0056480.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP59\A0056501.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP60\A0056514.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP60\A0056519.exe infected by "Trojan-Dropper.Win32.Small.qn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP61\A0056570.exe infected by "Backdoor.Win32.Wootbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056589.exe infected by "Email-Flooder.Win32.Kaboom.30" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056593.exe infected by "Trojan-PSW.Win32.Misos" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056594.exe tagged as not-a-virus:Monitor.Win32.KeyLog.95. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056596.exe tagged as not-a-virus:PSWTool.Win32.LPR. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056601.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP66\A0056602.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP68\A0056616.exe infected by "Email-Flooder.Win32.MailFraud" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP68\A0056619.exe infected by "Trojan.Win32.Unabomber" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP68\A0056621.exe infected by "HackTool.Win32.Haktek.11" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060519.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060520.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060521.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060522.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060523.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060524.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060525.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060541.ocx tagged as not-a-virus:AdWare.DelphinMediaViewer.c. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP69\A0060542.dll tagged as not-a-virus:AdWare.DelphinMedia.Viewer.f. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062794.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062806.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062815.exe infected by "Trojan-Downloader.Win32.Lastad.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062816.exe infected by "Trojan-Downloader.Win32.Lastad.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062817.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062818.exe infected by "Trojan-Proxy.Win32.Agent.ep" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP77\A0062819.exe infected by "Trojan-Downloader.Win32.Apropo.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP78\A0062821.EXE infected by "Trojan-PSW.Win32.ESpamer" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP89\A0067628.exe tagged as not-a-virus:AdWare.DelphinMedia.Viewer.f. No Action Taken.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP90\A0072251.EXE infected by "Trojan-PSW.Win32.ESpamer" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076293.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076295.dll infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076299.exe infected by "Trojan-Downloader.Win32.Lastad.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076300.exe infected by "Trojan-Downloader.Win32.Lastad.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076301.exe infected by "Trojan-Downloader.Win32.Lastad.h" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076302.exe infected by "Trojan-Proxy.Win32.Agent.ep" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076303.exe infected by "Trojan-Downloader.Win32.Apropo.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{4C44EC77-4E4E-4C5A-9582-405D8CF345FE}\RP91\A0076692.exe tagged as not-a-virus:AdWare.DelphinMedia.Viewer.f. No Action Taken.
File C:\WINDOWS\a65d.exe tagged as not-a-virus:AdWare.MediaMotor.e. No Action Taken.
File C:\WINDOWS\banner.dll tagged as not-a-virus:AdWare.Banex.a. No Action Taken.
File C:\WINDOWS\dalin.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pcs_0029.exe tagged as not-a-virus:AdWare.Pacer.j. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\pcs_0029.exe tagged as not-a-virus:AdWare.Pacer.j. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\pcs_0002.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\pcs_0002.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\pcs_0002.exe tagged as not-a-virus:AdWare.Pacer.j. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pcs_0029.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\lol2.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\msv.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\WINDOWS\rebatez.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\system\lsass.exe infected by "Trojan-DDoS.Win32.Boxed.x" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\pww.exe tagged as not-a-virus:PSWTool.Win32.PassView.160. No Action Taken.
File C:\WINDOWS\system32\WinStat11.dll tagged as not-a-virus:AdWare.Winsta.a. No Action Taken.
File C:\WINDOWS\system32\WinStat12.dll tagged as not-a-virus:AdWare.Winsta.a. No Action Taken.
File C:\WINDOWS\Temp\addit.exe tagged as not-a-virus:AdWare.Midable.b. No Action Taken.
File C:\WINDOWS\Temp\all_files10.exe tagged as not-a-virus:AdWare.EZula. No Action Taken.
File C:\WINDOWS\Temp\fixit.exe tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\WINDOWS\Temp\ICD4.tmp\MediaTicketsInstaller.ocx tagged as not-a-virus:AdWare.MediaTickets.f. No Action Taken.
File C:\WINDOWS\Temp\ICD5.tmp\MediaTicketsInstaller.ocx tagged as not-a-virus:AdWare.MediaTickets.f. No Action Taken.
File C:\WINDOWS\Temp\ICD6.tmp\MediaTicketsInstaller.ocx tagged as not-a-virus:AdWare.MediaTickets.f. No Action Taken.
File C:\WINDOWS\Temp\loud.exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\V0HV6FJL\bleep[1].exe tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\WINDOWS\Temp\~admedia0\AdMediaPlugin.dll tagged as not-a-virus:AdWare.Apropos.g. No Action Taken.
File C:\WINDOWS\Temp\~admedia0\uninstaller.exe tagged as not-a-virus:AdWare.Apropos.h. No Action Taken.
File C:\WINDOWS\thin-143-1-x-x.exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\WINDOWS\whCC-GIANT.exe tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.


And here's a log file of Ewido security suite

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:32:30 PM, 7/24/2005
+ Report-Checksum: 11B60487

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned without backup
HKLM\SOFTWARE\Classes\TypeLib\{EE6AE627-8F18-4986-BEAD-52073EDFC776} -> Spyware.BetterInternet : Cleaned without backup
HKLM\SOFTWARE\Classes\XParam.XParamObj -> Spyware.BetterInternet : Cleaned without backup
HKLM\SOFTWARE\Classes\XParam.XParamObj\CLSID -> Spyware.BetterInternet : Cleaned without backup
HKLM\SOFTWARE\Classes\XParam.XParamObj\CurVer -> Spyware.BetterInternet : Cleaned without backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-717765721316} -> Spyware.MakeMeSearch : Cleaned without backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-717765721316} -> Spyware.MakeMeSearch : Cleaned without backup
C:\bootldr3.exe -> Spyware.WinAD : Cleaned without backup
C:\Documents and Settings\freeuser.EGG\Cookies\freeuser@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\freeuser.EGG\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@affiliates.x10[1].txt -> Spyware.Cookie.X10 : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@e-2dj6wfk4kndjsfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@e-2dj6wjkykodpklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@e-2dj6wjmiujd5ako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@overture[1].txt -> Spyware.Cookie.Overture : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\john\Cookies\john@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temp\!update.exe -> Spyware.PurityScan : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temp\H.exe -> Adware.MidADle : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temp\icVEuThQ.exe -> Adware.MidADle : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\5X5NEMFU\trk_0029[1].exe -> Spyware.Pacer : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\6U339GNB\pcs_0002[1].exe -> Spyware.Pacer : Cleaned without backup
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\IJQ3A9UR\pcs_0029[1].exe -> Spyware.Pacer : Cleaned without backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9506WBD5\None[1].exe -> Spyware.WinAD : Cleaned without backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DHWVG5J7\bleep[1].exe -> Spyware.WinAD : Cleaned without backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CCA53E06-C2EB-479D-9408-906160\4B799830-AF5C-4F71-A09E-40ED3C -> Spyware.PurityScan : Cleaned without backup
C:\sbc.exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\a65d.exe -> Spyware.MediaMotor : Cleaned without backup
C:\WINDOWS\banner.dll -> Spyware.Banex : Cleaned without backup
C:\WINDOWS\dalin.exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pcs_0029.exe -> Spyware.Pacer : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\pcs_0029.exe -> Spyware.Pacer : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\pcs_0002.exe -> Spyware.Pacer : Cleaned without backup
C:\WINDOWS\lol2.exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\rebatez.exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\WINDOWS\system32\IELower.exe -> Trojan.LowZones.c : Cleaned without backup
C:\WINDOWS\system32\pww.exe -> Not-A-Virus.Tool.PassView.160 : Cleaned without backup
C:\WINDOWS\system32\TFTP1320 -> Backdoor.Rbot : Cleaned without backup
C:\WINDOWS\system32\WinStat11.dll -> Spyware.Winsta : Cleaned without backup
C:\WINDOWS\system32\WinStat12.dll -> Spyware.Winsta : Cleaned without backup
C:\WINDOWS\Temp\ICD5.tmp\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned without backup
C:\WINDOWS\Temp\ICD6.tmp\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned without backup
C:\WINDOWS\Temp\loud.exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\V0HV6FJL\bleep[1].exe -> Spyware.WinAD : Cleaned without backup
C:\WINDOWS\Temp\~admedia0\AdMediaPlugin.dll -> Spyware.Apropos : Cleaned without backup
C:\WINDOWS\thin-143-1-x-x.exe -> Adware.BetterInternet : Cleaned without backup


::Report End

#5 Guest_Cretemonster_*

Posted 25 July 2005 - 08:34 AM

As I said in the beginning, this will take a few passes!

My eyes are all crossed up trying to read through those logs!

So if you don't mind, let's do a little cleanup and repeat the previous steps again while in Safe Mode!

This way I can see what's actually left!

Update Ewido and MWAV scanner!

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Download and Install
CleanUp!
Don't use it yet!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.midnitechallenge.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.midnitechallenge.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [Windows Startup] svhost33.exe

O4 - HKLM\..\Run: [Windows Compliant] dehqof.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

O4 - HKLM\..\Run: [Task Help] wualcts.exe

O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe

O4 - HKLM\..\Run: [s3FX3nP] tsbninst.exe

O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe

O4 - HKLM\..\Run: [msrepair] msrepair.exe

O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe

O4 - HKLM\..\Run: [MicrosoftUpdates] syshelped.exe

O4 - HKLM\..\Run: [Microsofts Legacy Support] java.exe

O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe

O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe

O4 - HKLM\..\Run: [lexplore] lexplore.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Firewall Updater] msnupdateit.exe

O4 - HKLM\..\Run: [C.exe] C:\windows\temp\C.exe

O4 - HKLM\..\Run: [*windows update] wruauclt.exe

O4 - HKLM\..\RunServices: [window2] wintime.exe

O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -

O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Run CleanUp!-> Click the Cleanup tab to begin the scan-> Once Completed-> Click "Close"-> Click "NO" to log off!

Run both Ewido and MWAV just as before and Save both Reports!


Now, from the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

The log it produces (WinPFind.txt) will be located in the WinPFind Folder!


Restart Normal and if you didn't run the Panda Online Scan, please run it now and Save the Report!

After all that, scan the PC with HijackThis and post those results along with the Reports from MWAV-> Ewido-> WinPFind and Panda!

#6 Kevin3310

Posted 25 July 2005 - 07:53 PM

When am I supposed to run Ewido and MWAV scanner? Do I run it after I update them?

What do you mean, repeat the previous steps while in safe mode?

Do you mean update it in normal mode, then restart in safe mode and scan it with MWAV and Ewido?

And save logs for both of them?

Edited by Kevin3310, 25 July 2005 - 07:57 PM.


#7 Kevin3310

Posted 26 July 2005 - 06:05 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:03:52 AM, on 07/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.midnitechallenge.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118342271639
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Ad-Axis Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe" --debug --noop --service "Ad-Axis Client (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: Task Help (TskHlp) - Unknown owner - C:\WINDOWS\System32\wualcts.exe" -netsvcs (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Panda log


Incident Status Location

Adware:adware/tubby No disinfected C:\WINDOWS\SYSTEM32\MTC.ini
Adware:adware/pacimedia No disinfected C:\WINDOWS\SYSTEM32\pacis.exe
Spyware:spyware/iehelp No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ipreg32.inf
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/gator No disinfected C:\WINDOWS\GatorHDPlugin.log-old.log
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/webhancer No disinfected C:\WINDOWS\whCC-GIANT.exe
Adware:adware/imgiant No disinfected C:\PROGRAM FILES\joystick networks
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RUNMSC.LOADER.1
Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_WINTOOLSSVC
Adware:adware/winstat No disinfected HKEY_CLASSES_ROOT\CLSID\{EE02B99B-1D55-48BC-B8DB-649A42CE45F6}
Adware:adware/sqwire No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\TSA
Adware:adware/cws No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_BAK
Adware:adware/ncase No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\SEARCH PAGE_BAK
Adware:adware/powerscan No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\BANDREST
Adware:adware/elitebar No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{be8d0059-d24d-4919-b76f-99f4a2203647}
Possible Virus. No disinfected C:\Documents and Settings\john\Desktop\aimfix.exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\john\lc2.html
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\pcs_0002.exe
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\pcs_0002.exe
Spyware:Spyware/Iehelp No disinfected C:\WINDOWS\Downloaded Program Files\ipreg32.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\pcs_0029.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\joyiconsbbb.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\msv.exe
Adware:Adware/Tubby No disinfected C:\WINDOWS\system32\MTC.ini
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\m?iexec.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[whAgent.inf]
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[WhAgent.exe]
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[whInstaller.exe]
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[WhSurvey.exe]
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[Webhdll.dll]
Adware:Adware/WebHancer No disinfected C:\WINDOWS\whCC-GIANT.exe[whiehlpr.dll]
WinPfindlog

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 6/23/2005 10:52:02 AM 104242826 C:\01 Whole Album.MP3
UPX! 6/23/2005 10:52:06 AM 4276602 C:\05 Tainted.MP3

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
qoologic 2/22/2005 10:51:06 PM 3836 C:\WINDOWS\hghtoo.dll
urllogic 2/22/2005 10:51:06 PM 3836 C:\WINDOWS\hghtoo.dll
urllogic 2/22/2005 10:51:06 PM 3836 C:\WINDOWS\hghtoo.dll
abetterinternet.com 2/22/2005 10:51:06 PM 3836 C:\WINDOWS\hghtoo.dll
PECompact2 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\LPT$VPN.701
qoologic 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\LPT$VPN.701
SAHAgent 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\LPT$VPN.701
UPX! 12/22/2004 11:40:56 PM 16384 C:\WINDOWS\qoolrem.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 4/15/2005 11:57:10 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\VPTNFILE.701
qoologic 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\VPTNFILE.701
SAHAgent 6/23/2005 2:02:24 PM 15233877 C:\WINDOWS\VPTNFILE.701
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 5/10/2005 8:56:58 PM 226536 C:\WINDOWS\whCC-GIANT.exe

Checking %System% folder...
UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
PEC2 8/22/2001 4:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 5/15/2004 4:10:42 PM 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 6/19/2004 6:28:44 PM 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
Umonitor 8/22/2001 4:00:00 PM 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 12/20/2004 12:34:22 PM 8704 C:\WINDOWS\SYSTEM32\TFTP11360
winsync 8/22/2001 4:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 12/5/2003 11:18:08 PM 101376 C:\WINDOWS\SYSTEM32\xvid.ax

Checking %System%\Drivers folder and sub-folders...
UPX! 6/6/2005 11:52:30 PM 667744 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 6/6/2005 11:52:30 PM 667744 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 6/6/2005 11:52:30 PM 667744 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Checking the Windows folder for system and hidden files within the last 60 days...
7/25/2005 3:12:56 PM 54156 C:\WINDOWS\QTFont.qfn
6/25/2005 12:48:38 PM 78336 C:\WINDOWS\Thumbs.db
6/9/2005 11:22:10 PM 10820 C:\WINDOWS\Help\nocontnt.GID
6/21/2005 4:56:46 AM 961 C:\WINDOWS\system32\vsconfig.xml
7/25/2005 3:20:10 PM 8192 C:\WINDOWS\system32\config\default.LOG
7/25/2005 3:20:30 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/25/2005 3:20:18 PM 16384 C:\WINDOWS\system32\config\SECURITY.LOG
7/25/2005 4:03:16 PM 811008 C:\WINDOWS\system32\config\software.LOG
7/25/2005 3:58:30 PM 1003520 C:\WINDOWS\system32\config\system.LOG
7/25/2005 3:18:54 PM 6 C:\WINDOWS\Tasks\SA.DAT
7/22/2005 4:00:02 PM 382 C:\WINDOWS\Tasks\{00224E9D-BC63-42A7-A69B-9F8036774631}_EGG_john.job
7/22/2005 4:00:02 PM 382 C:\WINDOWS\Tasks\{0B5F83C6-CFA1-48CD-836E-6F03EB834882}_EGG_john.job
7/25/2005 9:00:02 AM 382 C:\WINDOWS\Tasks\{4CE30C8E-3274-4325-A884-A451D3A062A4}_EGG_john.job

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

Checking Selected Registry Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
WMC_AutoUpdate
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
nwiz nwiz.exe /install
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nForce Tray Options sstray.exe /r
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
CXMon "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Steam
NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Hkpp C:\WINDOWS\System32\m?iexec.exe
H/PC Connection Agent "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit = C:\WINDOWS\System32\userinit.exe,
Shell = Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

Scan Complete


Mwav scan log

File C:\WINDOWS\msv.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\WINDOWS\whCC-GIANT.exe tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.
File C:\Documents and Settings\All Users\Documents\Counter-Strike\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
File C:\Documents and Settings\john\My Documents\My Music\New Folder\filez\DivXPro511Adware.exe tagged as not-a-virus:AdWare.Gator.3202. No Action Taken.
File C:\Documents and Settings\john\My Documents\My Music\programs\DivXPro511Adware.exe tagged as not-a-virus:AdWare.Gator.3202. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\pcs_0002.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\pcs_0002.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pcs_0029.exe tagged as not-a-virus:AdWare.Pacer.b. No Action Taken.
File C:\WINDOWS\msv.exe tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\WINDOWS\whCC-GIANT.exe tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.

Ewido scan log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:01:06 PM, 7/25/2005
+ Report-Checksum: 775A68E0

+ Scan result:

No infected objects found.


::Report End

#8 Kevin3310


Posted 26 July 2005 - 06:17 AM

uhh btw can i ask how do i make mai top of mai windows and mai bottom of mai screen start menu and stuff bubbly and green?? again ever since i followed these directions everythings like plain kind... that bubbly thing disappeared

#9 Guest_Cretemonster_*


Posted 27 July 2005 - 04:56 AM

Sorry for the delays Kevin, work has occupied all my time this week!

Download the Attached Reg File to your Desktop but don't run it yet!

Do you have a Corporate Edition of Ad Aware running on this PC?

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

Task Help

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Download Pocket KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Copy & Paste each entry below into Killbox's "Full Path of File to Delete"

C:\WINDOWS\SYSTEM32\MTC.ini
C:\WINDOWS\SYSTEM32\pacis.exe
C:\WINDOWS\SYSTEM32\cpuinf32.dll
C:\WINDOWS\SYSTEM32\TFTP11360
C:\WINDOWS\System32\wualcts.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ipreg32.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\pcs_0002.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\pcs_0002.exe
C:\WINDOWS\Downloaded Program Files\m67m.inf
C:\WINDOWS\Downloaded Program Files\pcs_0029.exe
C:\WINDOWS\INF\banner.inf
C:\WINDOWS\qoolrem.exe
C:\WINDOWS\hghtoo.dll
C:\WINDOWS\joyiconsbbb.exe
C:\WINDOWS\msv.exe
C:\WINDOWS\GatorHDPlugin.log-old.log
C:\WINDOWS\unstall.exe
C:\WINDOWS\usta33.ini
C:\WINDOWS\whCC-GIANT.exe
C:\PROGRAM FILES\joystick networks
C:\Documents and Settings\john\lc2.html
C:\Documents and Settings\john\My Documents\My Music\New Folder\filez\DivXPro511Adware.exe
C:\Documents and Settings\john\My Documents\My Music\programs\DivXPro511Adware.exe


As you paste each into Killbox, place a tick by "Delete on Reboot"

Click the Red Circle with the White X in the Middle to Delete!

Click "Yes" to Confirm

Click "No" to Reboot

Once at the last file

Click "Yes" to Confirm

Click "Yes" to Reboot


If you get a PendingFileRenameOperations Registry Data has been Removed by External Process! message then just restart manually.


When you Reboot-> Go to Safe Mode!

Once in Safe Mode-> Run all those entries through Killbox again, this time place a tick by these selections when available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"


Click the Red Circle with the White X in the Middle to Delete!

Locate the Reg File you downloaded and Double Click to Execute-> Allow it to merge into the Registry!

Open HijackThis and put a check next to these

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O15 - Trusted Zone: http://www.neededware.com

O23 - Service: Task Help (TskHlp) - Unknown owner - C:\WINDOWS\System32\wualcts.exe" -netsvcs (file missing)

Make sure All Windows and Browsers are Closed and Click "Fix Checked"

Click Start-> Run-> Type in sc delete TskHlp and click OK!

Once all is completed-> Restart in Normal Mode!

Once back in Normal Mode-> Open Internet Explorer-> Click Tools-> Click Windows Update-> Get all the available updates!

You should be at SP2 when you post back!

Please Post back with a fresh HijackThis log!

Attached Files

  • Attached File: Clr.reg (740 bytes)

Edited by Cretemonster, 27 July 2005 - 04:58 AM.


#10 Kevin3310


Posted 27 July 2005 - 04:50 PM

uhh after i got updates and restarted it wouldnt let me restart normally the computer kept restarting wen it was loading the log in screen so i had 2 go back to tha last known good configuration..... and i think some of tha viruses came back can i start ALL... over please????


I AM SO SORRY....

if u say yes i will post a new hi jack this log

#11 miekiemoes

  • Malware Response Team

Posted 29 July 2005 - 02:02 PM

Hello,

Because Cretemonster is in hospital unfortunately, he can't reply to your log. That's why I'll take over here.


Yes, please post a new HijackThis log. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 Kevin3310


Posted 29 July 2005 - 05:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:57:31 PM, on 07/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\dwwin.exe
C:\Hijack This\HijackThis.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midnitechallenge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.midnitechallenge.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.midnitechallenge.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122469205717
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Ad-Axis Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe" --debug --noop --service "Ad-Axis Client (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



BTW in startup it always says i recovered from a serious error and wen i click dont send it pops up again so i have to ctrl alt delete stuff to not run explorer and other stuff....

and... i was wondering how come the top of mai window is not 3d anymore... and mai start menu isnt anymore.. plz help me....

#13 miekiemoes

  • Malware Response Team

Posted 29 July 2005 - 06:36 PM

Hello,

I can't see much malicious in your log anymore... only some leftovers:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab


* Click on Fix Checked when finished and exit HijackThis.

About your startmenu and the top of your window I don't understand really.
You mean your startmenu is gone? Or is it looking different, in the classic style instead of XP-style?
If so, to restore this and set it back to XP-theme, right-click on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

If not, please explain more, because I don't really understand what you are trying to say.

This can also be because you chose Last Known Good Configuration. Have you already tried System Restore? I know that Nvidia has problems with that and some drivers/devices won't load. System Restore can be a solution.
Also, I see NeroCheck two times in your startup? I don't like that and that can also cause problems. I had it once before that, because of Nero, my system also wouldn't boot after updating my Windows. It seemed afterwards that Nero (InCD) was the culprit. So I uninstalled it and the problem was fixed. Now Nero has an update for that.
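Added example (not part of the posts above and not HijackThis's own code): one way to compare two HijackThis logs and list the O23 services the tool labelled "Unknown owner" or "(file missing)". The function names are hypothetical, and the sample lines are excerpts copied from the O23 sections of the two logs in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Entry lines look like "O23 - Service: ..." or "R0 - HKCU\...":
# a section code (letter + number), " - ", then free text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 layout as it appears in this thread's logs:
# "Service: <display name> - <owner> - <command line>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")


class Entry(NamedTuple):
    code: str
    text: str


def parse_log(log: str) -> List[Entry]:
    """Return every coded entry; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)


def services_to_review(log: str) -> List[Tuple[str, List[str]]]:
    """O23 services carrying HijackThis's own 'Unknown owner' / '(file missing)' labels."""
    flagged = []
    for entry in parse_log(log):
        if entry.code != "O23":
            continue
        m = SERVICE_RE.match(entry.text)
        if not m:
            continue
        reasons = []
        if m["owner"] == "Unknown owner":
            reasons.append("unknown owner")
        if m["cmd"].endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            flagged.append((m["name"], reasons))
    return flagged


# Excerpt of the earlier log in this thread (O23 section only).
BEFORE = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: Task Help (TskHlp) - Unknown owner - C:\WINDOWS\System32\wualcts.exe" -netsvcs (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the 29 July log in this thread (same services, after the cleanup).
AFTER = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: COM-service to IMAPI communicating engine (ImapiClient) - Unknown owner - C:\WINDOWS\System32\imapi32.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("gone :", e.code, e.text)
    for e in added:
        print("new  :", e.code, e.text)
    for name, reasons in services_to_review(AFTER):
        print("check:", name, "->", ", ".join(reasons))
```

The labels are a prompt to look at an entry, not a verdict on it: of the O23 lines in these excerpts, the helpers in this thread asked for only the TskHlp entry to be fixed.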

#14 Kevin3310


Posted 29 July 2005 - 08:34 PM

about tha start menu issue tha point is i tried that right click is and tha only choice i have is classic style....... da windows xp style is gone for some reason...

#15 miekiemoes

  • Malware Response Team

Posted 30 July 2005 - 12:22 AM

Ah, ok.. no problem. We can fix this.

First I want to check something:

Open notepad, copy and paste next content (bold) in it:

dir C:\WINDOWS\Resources\Themes\Luna /a h > files.txt
notepad files.txt


Save this as look.bat, choose to save as *all files and save it to your desktop.
Doubleclick on it and notepad will open with some text in it.
Copy and paste this in your next reply.



