
Need Help - Please look at HJ Log



#1 mart55


Posted 20 August 2005 - 06:46 PM

My daughter's computer: Dell 2400. Can't do much of anything - can't run Ad-Aware or Spybot or get to the internet. Can't delete Kazaa or some of the other stuff. A real mess! Thinking about a clean reinstall?

Any help would be appreciated.
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 7:23:50 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\Documents and Settings\All Users\Application Data\RDSA\xde00227.exe
C:\Documents and Settings\All Users\Application Data\RDSA\xde26000.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
c:\windows\system32\vhvnlf.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\Program Files\Wszvu\Ycabaum.exe
C:\WINDOWS\mcm\mcm3.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\dubiolln.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Blubster\Blubster.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
c:\PROGRA~1\Toolbar\radio.exe
c:\PROGRA~1\Toolbar\WSG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\system.mcm
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/servlet/ajrotator/1261...L?zone=enternet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteczo32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [Visual Element FX5] C:\Documents and Settings\All Users\Application Data\RDSA\xde00227.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\Documents and Settings\All Users\Application Data\RDSA\xde26000.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [var today = new Dat] c:\WINDOWS\System32\var today = new Date();
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [var expire = new Dat] c:\WINDOWS\System32\var expire = new Date();
O4 - HKLM\..\Run: [var d=docum] c:\WINDOWS\System32\var d=document;
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKLM\..\Run: [Mekfhxn] C:\Program Files\Wszvu\Ycabaum.exe
O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [function setCookie(name, value) ] c:\WINDOWS\System32\function setCookie(name, value) {
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
O4 - HKLM\..\Run: [function getCookie(Name) ] c:\WINDOWS\System32\function getCookie(Name) {
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [CTyC3BWB] C:\WINDOWS\dubiolln.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [lcugoa] c:\windows\system32\vhvnlf.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Download Plus.lnk = C:\RECYCLER\NPROTECT\01306553.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Music Communication Module.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: rkuu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {2D76EB71-F632-75E3-529A-0836E1BCB4D8} - http://public.searchbarcash.com/cab/352/qpmytsxh.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe



#2 QuietFusion


Posted 23 August 2005 - 03:14 AM

Please download the following removal utilities.
http://securityresponse.symantec.com/avcenter/FxIstbar.exe
&
http://www.support.microsoft.com/kb/886590

Run both removal tools in safe mode. To boot into safe mode, press F8 during a reboot and select safe mode.

After you have run both tools in safe mode, please download LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and double-click ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.


Next, download Ewido, install it, then from within the program check for updates, BUT don't scan yet.
ewido security suite: http://fileforum.betanews.com/detail/ewido...te/1098736486/1
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), close the program.
Do NOT run a scan yet.

Notes: If you already have the program, please make sure it's version 3.5 and updated.
If the program just exits before it finishes, start it again and set it up to do a custom scan:
Start the program, click the scan button over to the left, click custom scan, click add drive/directory/file
and add c:\documents and settings\
add c:\windows\
add c:\windows\system32\ also, then click start scan, have it remove everything found.

Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?dow...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 mart55


Posted 23 August 2005 - 10:32 PM

First - Thanks QuietFusion!

I think all the steps were completed. Things are much better. I can get to the internet now. Eventually want to get rid of a bunch of the junk on this computer, but need to get it cleaned first. Below find the Ewido and HijackThis logs:

Again, Thanks

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:05:57 PM, 8/23/2005
+ Report-Checksum: FCA8A8B3

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83DC91DB-7896-43E3-B34D-A7D043F16BB1} -> Spyware.ClearStream : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E} -> Spyware.RideMG : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\picsvr -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-2193461170-4086930664-3541234114-1007\Software\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\checkgfie5344.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr9B2D -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\RDSA\xde26000.exe -> TrojanDownloader.Agent.ih : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@a.tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@linkbuddies[2].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\jaci healy\Cookies\jaci healy@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\ANB\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\APE\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\ARX\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\bb.exe -> Spyware.BargainBuddy.l : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\BGR\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\CBG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\ckz5ceffa1\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\Cookies\jaci healy@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\Cookies\jaci healy@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\Cookies\jaci healy@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\DWV\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\EACDownload\eanth_setup-b.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\EACDownload\eanth_setup.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\GKL\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\ICD1.tmp\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\mcm3.exe -> TrojanProxy.Agent.fh : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\msg12.tmp10762767686733.exe -> TrojanDropper.Bridge : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\msgD.tmp10750881965446.exe -> TrojanDropper.Bridge : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\NSS\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\OFG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\OUJ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\PEU\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\PPL\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\rider_pop3.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\SOJ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\sr.exe -> Spyware.Relevance.b : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\tool5-ridemg-165143.exe -> Spyware.HotSearchBar.e : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\toolbar.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\toolbar.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\UPP\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\XDH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\XZC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\YFC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temp\YHO\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temporary Internet Files\Content.IE5\4DA3G52N\mcm3[1].exe -> TrojanProxy.Agent.fh : Cleaned with backup
C:\Documents and Settings\jaci healy\Local Settings\Temporary Internet Files\Content.IE5\4DA3G52N\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@premiumnetworkrocks.valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\marty healy\Cookies\marty healy@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@casinopays[1].txt -> Spyware.Cookie.Casinopays : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@crbanner.casinopays[2].txt -> Spyware.Cookie.Casinopays : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@ehg-aol.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@www6.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Cookies\marty healy@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II1A03.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II1A04.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II1A05.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II6.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II7.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\II8.tmp -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\Rider_180AInstaller.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\0L8DEBG1\DrPMon[1].dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\0L8DEBG1\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\0L8DEBG1\istsvc[2].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\BL45OV8X\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\BL45OV8X\newmajorse2[3].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\BL45OV8X\newmajorse2[4].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\BL45OV8X\newmajorse2[5].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\BL45OV8X\newmajorse2[6].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\C7E3GZCV\AproposClientInstaller[1].exe -> TrojanDownloader.Apropos.s : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\C7E3GZCV\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\C7E3GZCV\newmajorse2[3].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\G9KNSR03\AproposClientInstaller[1].exe -> TrojanDownloader.Apropos.s : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\G9KNSR03\Bolger[1].dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\G9KNSR03\common[1].cab/common.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\ISTKQR6B\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\ISTKQR6B\svcproc[1].exe -> Trojan.Stervis.b : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\ISTKQR6B\watch_free_porn[1].exe -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\M5O78LMN\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\M5O78LMN\watch_free_porn[1].exe -> Spyware.Beginto.c : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\MH8NILI1\newmajorse2[2].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\marty healy\Local Settings\Temporary Internet Files\Content.IE5\VE0Z39O1\aurora[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\nwcr1988.RB0/Documents and Settings/marty healy/Local Settings/Temp/EACDownload/nwcr.exe -> TrojanDownloader.Wren.b : Cleaned with backup
C:\Program Files\qoologic\installer.exe -> TrojanDropper.Small.wc : Cleaned with backup
C:\Program Files\Wszvu\Ycabaum.exe -> Trojan.Small.cy : Cleaned with backup
C:\RECYCLER\NPROTECT\01763512.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01763513.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01763546.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763547.EXE -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\01763583.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763669.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763672.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763673.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763717.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01763753.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01763772.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01763776.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763796.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763878.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763880.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01763883.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01763891.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763932.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763993.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01763996.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01763997.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764027.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01764064.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01764065.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01764066.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01764094.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764099.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01764100.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764101.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764168.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764190.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764198.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764202.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764226.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764231.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764270.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764282.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764287.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764302.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764305.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764360.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764362.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764398.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764408.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764421.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764429.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764453.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01764457.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01764458.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01764480.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01764510.wzg -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\01764511.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764574.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01764587.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01764590.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764598.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764670.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764683.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764724.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764734.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764764.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764777.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764787.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764796.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764806.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764844.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764856.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764885.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764921.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764937.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764946.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764959.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764984.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01764997.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765019.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765023.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765026.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765031.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765034.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765039.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765043.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765050.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765053.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765151.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765153.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765158.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765161.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765166.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765169.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765174.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765177.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765182.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765185.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765190.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765193.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765199.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765592.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01765634.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765706.exe -> Trojan.Agent.cp : Cleaned with backup
C:\RECYCLER\NPROTECT\01765786.exe -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\NPROTECT\01765788.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765793.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765800.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01765824.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01765826.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765828.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765854.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765881.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765903.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765978.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01765994.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01766040.wzg -> Spyware.IBIS : Cleaned with backup
C:\RECYCLER\NPROTECT\01766279.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766316.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766590.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766635.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766762.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766791.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01766978.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\01766979.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\01767023.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01767025.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01767026.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01767027.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\01767028.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\01767029.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\01767030.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\01767031.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\01767200.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\01767201.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\01767202.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADBN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVC4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\AUTOS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CARS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DATE3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DEBT1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EDU1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMP1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TV1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\lkir8l2gm_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\WINDOWS\dydjbf.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\frsk.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\isrvs\desktop.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\isrvs\edmond.exe -> Trojan.Isearch : Cleaned with backup
C:\WINDOWS\isrvs\ffisearch.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\isrvs\mfiltis.dll -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\isrvs\msdbhk.dll -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\lbdcsxpgpxz.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\mcm\mcm3.exe -> TrojanProxy.Agent.fh : Cleaned with backup
C:\WINDOWS\SYSTEM32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mbbi8016.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\picsvr\picsvr.exe -> TrojanDownloader.Delmed.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Temp\BT58lbMm.exe -> Spyware.WebSearch : Error during cleaning
C:\WINDOWS\Temp\mpalgmwD.exe -> Spyware.WebSearch : Error during cleaning
C:\WINDOWS\Temp\nFpRfddZ.exe -> Spyware.WebSearch : Error during cleaning
C:\WINDOWS\Temp\S1ns2PrI.exe -> Spyware.WebSearch : Error during cleaning
C:\WINDOWS\Temp\THI1B5.tmp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\Temp\THI1B5.tmp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 11:14:12 PM, on 8/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\Documents and Settings\All Users\Application Data\RDSA\xde00227.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\System32\system.mcm
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [Visual Element FX5] C:\Documents and Settings\All Users\Application Data\RDSA\xde00227.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\Documents and Settings\All Users\Application Data\RDSA\xde26000.exe
O4 - HKLM\..\Run: [var today = new Dat] c:\WINDOWS\System32\var today = new Date();
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [var expire = new Dat] c:\WINDOWS\System32\var expire = new Date();
O4 - HKLM\..\Run: [var d=docum] c:\WINDOWS\System32\var d=document;
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKLM\..\Run: [Mekfhxn] C:\Program Files\Wszvu\Ycabaum.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [function setCookie(name, value) ] c:\WINDOWS\System32\function setCookie(name, value) {
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
O4 - HKLM\..\Run: [function getCookie(Name) ] c:\WINDOWS\System32\function getCookie(Name) {
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Download Plus.lnk = C:\RECYCLER\NPROTECT\01306553.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Music Communication Module.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: rkuu.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 QuietFusion

Posted 24 August 2005 - 03:41 AM

Looks better

Press Ctrl+Alt+Delete once and end the following task:
C:\WINDOWS\System32\system.mcm


Close all your running programs, run HijackThis and place a check next to the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [var today = new Dat] c:\WINDOWS\System32\var today = new Date();
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [var strP] c:\WINDOWS\System32\var strPort;
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [var expire = new Dat] c:\WINDOWS\System32\var expire = new Date();
O4 - HKLM\..\Run: [var d=docum] c:\WINDOWS\System32\var d=document;
O4 - HKLM\..\Run: [top.location.replace(strTe] c:\WINDOWS\System32\top.location.replace(strTemp);
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKLM\..\Run: [Mekfhxn] C:\Program Files\Wszvu\Ycabaum.exe
O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [function setCookie(name, value) ] c:\WINDOWS\System32\function setCookie(name, value) {
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [function redirec] c:\WINDOWS\System32\function redirect(){
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
O4 - HKLM\..\Run: [function getCookie(Name) ] c:\WINDOWS\System32\function getCookie(Name) {
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
O4 - Startup: Download Plus.lnk = C:\RECYCLER\NPROTECT\01306553.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: rkuu.exe
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab

Close all internet browsers and click Fix in HijackThis.

Now locate the following file and delete it

File:
C:\WINDOWS\System32\system.mcm



Next download the following program and clean your temp folders.
http://www.spywareaid.com/installs/CleanUp40.exe


Now download the zip file courtesy of Zupe http://ralphcaddell.com/Uploads/FindIt_NT-2K-XP.zip and unzip it to your desktop.

Go into the FindIt folder that you unzipped and double-click the Find.bat file to run it. It will take a few minutes to run, so you will have to be patient. Save the results and post the FindIt log and a fresh HijackThis log in your next response.
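Added example, not part of the original post and not QuietFusion's own method: a small Python triage of HijackThis O4 autostart lines like the ones listed above. It flags Run/Startup entries whose command contains no executable image (the script-fragment entries and `system.mcm`) or whose image sits under a recycle-bin or Temp directory; both rules and all function names are assumptions chosen for illustration, and a hit means "review this entry", not "malicious".

```python
import re

# O4 lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [var today = new Dat] c:\WINDOWS\System32\var today = new Date();
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - Startup: Download Plus.lnk = C:\RECYCLER\NPROTECT\01306553.EXE
O4 - Global Startup: rkuu.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target" or "O4 - Global Startup: file.exe"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<rest>.+)$")
# Shortest prefix of the command that ends in an executable extension.
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
# Assumption: autostarts launched from these directories deserve a second look.
RISKY_DIR_RE = re.compile(r"\\(?:RECYCLER|Temp)\\", re.I)


def parse_o4(line):
    """Return {'loc', 'name', 'cmd'} for an O4 line, or None for anything else."""
    m = RUN_RE.match(line)
    if m:
        return m.groupdict()
    m = STARTUP_RE.match(line)
    if m:
        name, sep, target = m.group("rest").partition(" = ")
        # A file dropped directly into the Startup folder has no "= target" part.
        return {"loc": m.group("loc"), "name": name, "cmd": target if sep else name}
    return None


def image_path(cmd):
    """Extract the program image from a command line, or None if there is none."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        cmd = cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group("image") if m else None


def triage(log):
    """Return (entry name, reason) pairs for O4 entries that need manual review."""
    findings = []
    for raw in log.splitlines():
        entry = parse_o4(raw.strip())
        if entry is None:
            continue
        image = image_path(entry["cmd"])
        if image is None:
            findings.append((entry["name"], "no executable image in command"))
        elif RISKY_DIR_RE.search(image):
            findings.append((entry["name"], "runs from recycle-bin or temp directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"REVIEW  [{name}]  {reason}")
```

Entries such as `rkuu.exe` pass both rules, so the output is a starting list for manual review and does not replace reading the whole log.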

#5 mart55

Posted 27 August 2005 - 11:43 PM

QuietFusion,

I think everything was completed. In the meantime, I installed Avast. Had no luck getting rid of Norton SystemWorks. It does not show up in the add/change Programs window. Here is the Find It and HJT logs.

Thanks!!

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\jaci healy\Desktop\Find It NT-2K-XP

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is DC88-6BAC

Directory of C:\WINDOWS\System32

08/24/2005 08:00 PM <DIR> DLLCACHE
06/13/2004 04:26 PM 1,020 Yfk8.ct6
06/13/2004 04:24 PM 1,020 Yfk8.cu6
04/13/2004 11:37 PM 434 Rydo84k.lat
11/23/2003 11:57 AM 0 insqcb.ins
08/20/2003 03:40 AM <DIR> Microsoft
4 File(s) 2,474 bytes
2 Dir(s) 66,902,134,784 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is DC88-6BAC

Directory of C:\WINDOWS\System32

08/27/2005 11:58 PM 20,527 FFASTLOG.TXT
08/24/2005 08:00 PM <DIR> DLLCACHE
07/30/2004 12:47 AM 10,820 jeterr35.GID
06/13/2004 04:26 PM 1,020 Yfk8.ct6
06/13/2004 04:24 PM 1,020 Yfk8.cu6
04/13/2004 11:37 PM 434 Rydo84k.lat
11/23/2003 11:57 AM 0 insqcb.ins
09/03/2002 09:57 AM 488 WindowsLogon.manifest
09/03/2002 09:57 AM 488 logonui.exe.manifest
09/03/2002 09:57 AM 749 sapi.cpl.manifest
09/03/2002 09:57 AM 749 wuaucpl.cpl.manifest
09/03/2002 09:57 AM 749 ncpa.cpl.manifest
09/03/2002 09:57 AM 749 nwc.cpl.manifest
09/03/2002 09:57 AM 749 cdplayer.exe.manifest
13 File(s) 38,542 bytes
1 Dir(s) 66,902,130,688 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is DC88-6BAC

Directory of C:\WINDOWS\System32


------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is DC88-6BAC

Directory of C:\WINDOWS\System32


------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
ffastlog.txt Sat Aug 27 2005 11:58:46p A..H. 20,527 20.04 K

1 item found: 1 file, 0 directories.
Total of file sizes: 20,527 bytes 20.04 K

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------

C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack)
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.61
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.084
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.083
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.07b
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.05b
C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.02
C:\WINDOWS\SYSTEM32\MRT.exe: ASPACK

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"VisualElementFXad"="C:\\WINDOWS\\VisualElementFXad\\VisualElementFXad.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KAZAA"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"BCMSMMSG"="BCMSMMSG.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"AcctMgr"="C:\\Program Files\\Norton SystemWorks\\Password Manager\\AcctMgr.exe /startup"
"MCM3"="C:\\WINDOWS\\mcm\\mcm3.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RecoverFromReboot"="C:\\WINDOWS\\Temp\\RecoverFromReboot.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Microsoft Windows Application"="system.mcm"
"QD FastAndSafe"=""




Logfile of HijackThis v1.99.1
Scan saved at 12:27:56 AM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\mcm\mcm3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124919114515
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B4B195F-123A-43E2-A948-2B7886677C65}: NameServer = 205.152.132.235 205.152.37.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 QuietFusion

Posted 28 August 2005 - 04:52 AM

Press Ctrl+Alt+Delete once and end the following task.
C:\WINDOWS\mcm\mcm3.exe


Close all your running programs, run HijackThis, and place a check next to the following.

O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm

Close all internet browsers and click Fix in HijackThis.

Now delete the following folder.

Folder:
C:\WINDOWS\mcm

Reboot and post a fresh Hijackthis log in your thread.

#7 mart55

Posted 28 August 2005 - 08:45 AM

QuietFusion,

Completed tasks. Here is the resulting HJT log.

thanks



Logfile of HijackThis v1.99.1
Scan saved at 9:37:08 AM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124919114515
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,16/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 QuietFusion

Posted 29 August 2005 - 01:58 AM

How does the computer seem to be running now?

#9 mart55

Posted 29 August 2005 - 07:07 AM

QuietFusion,

Computer is running much better. Only the following problems:

Still get some misc. popups at startup - cydor ads autoloads the browser, kazaa message, and a few others. Just need to close them. Still cannot get the DSL software to run, but the dial-up works OK. Seems to be a problem recognizing the "Broadcom" connection. Overall - much better.

Again, thanks.

#10 QuietFusion

Posted 29 August 2005 - 02:39 PM

Download Anti-Spy


Anti-Spy
  • Open Anti-Spy and make the following changes.
  • Click 'Spyware Scan'
  • Located on the Top Right
  • Click 'Scan Options'
  • Select 'Full System Scan'
  • Now Click 'Run Scan Now'
  • Once the Scan is complete select remove from the drop-down menu.
  • Close Out Anti-Spy
Now boot into safe mode (Reboot, Press F8 and select safe mode when prompted)
Once in safe mode run Anti-spy and remove everything it finds.

Stay in safe mode and run both Ad-aware and Spybot

Let me know the results of all 3 scans in your next post.



