
Infected With Spy Sheriff Spyware


12 replies to this topic

#1 amorlowski


Posted 14 December 2005 - 01:16 PM

I've been following the instructions on removing SpySheriff from this website (topic34773)... and now I'm posting the HijackThis log. Please help! By the way... the Housecall Anti-virus seemed to lock up, and didn't appear effective. Thanks. Right now I have a blinking white screen and popup messages still occurring.

Logfile of HijackThis v1.99.1
Scan saved at 12:57:55 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
C:\WINDOWS\system32\intell32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1102911641\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\system32\popcorn72.exe
C:\WINDOWS\system32\winmv32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ntqo.exe
c:\program files\common files\aol\1102911641\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3464B493-879D-43F9-9705-2408BDC95B44} - C:\WINDOWS\system32\kbej.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6D4A6C94-E61D-8C5B-F1A4-7FD02CF02E42} - C:\WINDOWS\d3hy32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run340.exe dummy
O4 - HKLM\..\Run: [iebd.exe] C:\WINDOWS\system32\iebd.exe
O4 - HKLM\..\Run: [36C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe
O4 - HKLM\..\Run: [36D.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [36C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe
O4 - HKLM\..\Run: [36D.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [syslq32.exe] C:\WINDOWS\system32\syslq32.exe
O4 - HKLM\..\Run: [winmv32.exe] C:\WINDOWS\system32\winmv32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySheriff]
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.29/aces...s-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.1.46/batt...x-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.48/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.4.0.48/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harv...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.48/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.0.48/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.25/m...g-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/peng...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.37/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popf...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.3.27/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.1.28/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.2.23/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.37/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
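The log above is triaged by eye in this thread. As an added example (not part of the thread, of HijackThis, or of any vendor's tooling), the Python script below parses a handful of lines excerpted from that log and applies a few heuristics a responder would use to sort the entries: autoruns started from a Temp directory, the same executable registered under two Run value names, an empty Run value, search or start pages redirected into a `res://` DLL resource, BHOs with no name or a missing DLL, and services whose binary carries no company name. The function names (`triage`, `summarize`, `Finding`), the severity levels, and the "letters followed by digits" name pattern are this example's own assumptions; every finding is a lead to verify, not a verdict.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example; not part of the BleepingComputer thread, HijackThis, or any
vendor tool. The SAMPLE_LOG lines are excerpted from the log posted above;
the scoring rules are this example's own assumptions about what warrants
a closer look, so treat every finding as a lead, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted verbatim from the first posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vjseq.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
O2 - BHO: (no name) - {3464B493-879D-43F9-9705-2408BDC95B44} - C:\WINDOWS\system32\kbej.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [36D.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [36D.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [SpySheriff]
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
R_RE = re.compile(r"^R[013] - (?P<key>.+?)\s*=\s*(?P<value>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - Unknown owner - (?P<path>.*)$")
SYS32_EXE_RE = re.compile(r'\\system32\\([^\\\s"]+\.exe)', re.I)   # an .exe that lives in system32
GENERIC_NAME_RE = re.compile(r"^[a-z]{4,}\d{2,}\.exe$", re.I)     # e.g. intell32.exe (weak, assumed heuristic)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str
    reason: str


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    seen_cmds = {}  # normalized command -> first Run value name that used it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            if not cmd:
                findings.append(Finding("medium", line, "Run value with an empty command (leftover autorun entry)"))
                continue
            if "\\temp\\" in cmd.lower():
                findings.append(Finding("high", line, "autorun starts an executable from a Temp directory"))
            s = SYS32_EXE_RE.search(cmd)
            if s and GENERIC_NAME_RE.match(s.group(1)):
                findings.append(Finding("low", line, f"system32 autorun with generic name {s.group(1)} (weak name heuristic)"))
            if m.group("key") == "RunOnce":
                findings.append(Finding("low", line, "RunOnce entry: used by installers, but also by droppers"))
            norm = cmd.lower()
            if norm in seen_cmds and seen_cmds[norm] != m.group("name"):
                findings.append(Finding("medium", line, f"same command already registered under [{seen_cmds[norm]}]"))
            seen_cmds.setdefault(norm, m.group("name"))
            continue
        m = R_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if value.lower().startswith("res://") and ".dll/" in value.lower():
                findings.append(Finding("high", line, "search/start page redirected into a DLL resource (browser hijack)"))
            elif value and re.search(r"page|search", key, re.I) and not re.match(r"^(https?://|about:)", value, re.I):
                findings.append(Finding("medium", line, "page setting points at a local file instead of a URL"))
            continue
        m = O2_RE.match(line)
        if m and ("(no name)" in m.group("name") or "(file missing)" in m.group("path")):
            findings.append(Finding("medium", line, "BHO with no name or a missing DLL; legitimate helpers rarely look like this"))
            continue
        if O23_RE.match(line):
            findings.append(Finding("low", line, "service binary carries no company name; verify the file before trusting it"))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as a script it prints the findings sorted by severity, with the `res://` search-page override and the two Temp-directory autoruns at the top and the Norton and ccApp lines untouched. The ScsiAccess service is kept deliberately low: "Unknown owner" in a HijackThis O23 line only means the binary has no company name in its version information, which is common for legitimate but sloppily built software, so that entry is a prompt to check the file rather than a reason to delete the service.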

#2 Guest_Cretemonster_*


Posted 15 December 2005 - 08:06 PM

Hi amorlowski and Welcome to the Bleeping Computer!

Please download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop, but don't run it yet.


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Once SpySweeper has completed, reboot into SAFE MODE (tap F8 when restarting).
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C:, or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make sure "Normal Startup - load all device drivers and services" has a green tick by it.

Click Apply->Close->Follow the Prompts to Restart

Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from SpySweeper, Panda, and smitfiles.txt.

Edited by Cretemonster, 15 December 2005 - 08:07 PM.


#3 amorlowski


Posted 21 December 2005 - 10:20 PM

I followed your instructions and here are the four logs (HijackThis, Panda, SpySweeper, and smitfiles). Please let me know what else I need to do. Thanks for all of your help!

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:58:58 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1102911641\ee\aolssc.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {1F546F48-9AA0-41C6-7850-AD03A47588F8} - C:\WINDOWS\system32\d3md32.dll (file missing)
O2 - BHO: (no name) - {3464B493-879D-43F9-9705-2408BDC95B44} - C:\WINDOWS\system32\kbej.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6D4A6C94-E61D-8C5B-F1A4-7FD02CF02E42} - C:\WINDOWS\d3hy32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOWS\system32\wer5760.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run340.exe dummy
O4 - HKLM\..\Run: [iebd.exe] C:\WINDOWS\system32\iebd.exe
O4 - HKLM\..\Run: [36C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe
O4 - HKLM\..\Run: [36D.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [36C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe
O4 - HKLM\..\Run: [36D.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe
O4 - HKLM\..\Run: [syslq32.exe] C:\WINDOWS\system32\syslq32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.29/aces...s-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.1.46/batt...x-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.48/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.4.0.48/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harv...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.48/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.0.48/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.25/m...g-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/peng...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.37/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popf...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.3.27/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.1.28/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.2.23/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.37/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37480.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Panda SCAN:

Incident Status Location

Adware:Adware/WinHound Not disinfected C:\WINDOWS\SYSTEM32\RUN340.EXE
Adware:adware/dloader Not disinfected C:\WINDOWS\SYSTEM32\msblank.html
Adware:adware/topspyware Not disinfected C:\WINDOWS\SYSTEM32\spoolsrv32.exe
Adware:adware/cws.searchmeup Not disinfected C:\Documents and Settings\Owner\Desktop\2.dat
Adware:adware/spysheriff Not disinfected Windows Registry
Possible Virus. Not disinfected C:\r.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr271.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr3.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr323.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr457.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr477.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr48.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr500.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr503.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr537.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr550.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr573.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr60.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr610.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr640.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr744.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr785.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr928.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr959.dll
Adware:Adware/Startpage.AEX Not disinfected C:\WINDOWS\system32\popcorn72.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\run340.exe
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\srpcsrv32.dll
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\txfdb32.dll
Adware:Adware/Startpage.AEX Not disinfected C:\WINDOWS\system32\upd471.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\upd477.exe
Adware:Adware/Startpage.AEX Not disinfected C:\WINDOWS\system32\upd66.exe
Adware:Adware/TopSpyware Not disinfected C:\WINDOWS\system32\upd698.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\upd86.exe
SpySweeper log:
********
6:55 PM: | Start of Session, Wednesday, December 21, 2005 |
6:55 PM: Spy Sweeper started
6:55 PM: Sweep initiated using definitions version 589
6:55 PM: Starting Memory Sweep
6:56 PM: The Spy Communication shield has blocked access to: www.trackhits.cc
6:56 PM: The Spy Communication shield has blocked access to: www.trackhits.cc
6:58 PM: Found Adware: cws_ns3
6:58 PM: Detected running threat: C:\WINDOWS\system32\msjh.exe (ID = 8)
6:59 PM: Detected running threat: C:\WINDOWS\atlwo32.dll (ID = 8)
7:00 PM: Found Adware: psguard
7:00 PM: Detected running threat: C:\WINDOWS\system32\intell32.exe (ID = 133867)
7:00 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || intell32.exe (ID = 0)
7:00 PM: Detected running threat: C:\WINDOWS\system32\winmv32.exe (ID = 8)
7:00 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winmv32.exe (ID = 0)
7:00 PM: Memory Sweep Complete, Elapsed Time: 00:04:46
7:00 PM: Starting Registry Sweep
7:00 PM: HKCR\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 118649)
7:00 PM: HKLM\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 120496)
7:00 PM: Found Adware: cws_ns3 hijacker
7:00 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 123399)
7:00 PM: Found Adware: desktop hijacker
7:00 PM: HKLM\software\microsoft\windows\currentversion\runonce\ || srv32 spool service (ID = 124948)
7:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\browser helper\ (2 subtraces) (ID = 124951)
7:00 PM: Found Adware: psguard desktop hijacker
7:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
7:00 PM: HKLM\software\microsoft\windows\currentversion\run\ || intell32.exe (ID = 683186)
7:00 PM: HKU\S-1-5-21-2084504255-1730790045-971839963-1003\software\microsoft\windows\currentversion\runonce\ || srv32 spool service (ID = 124945)
7:00 PM: Found Adware: spysheriff
7:00 PM: HKU\S-1-5-21-2084504255-1730790045-971839963-1003\software\microsoft\windows\currentversion\run\ || spysheriff (ID = 142123)
7:01 PM: Registry Sweep Complete, Elapsed Time:00:00:20
7:01 PM: Starting Cookie Sweep
7:01 PM: Found Spy Cookie: centrport net cookie
7:01 PM: owner@centrport[1].txt (ID = 2374)
7:01 PM: Found Spy Cookie: 2o7.net cookie
7:01 PM: owner@microsoftwga.112.2o7[1].txt (ID = 1958)
7:01 PM: Found Spy Cookie: topantispyware cookie
7:01 PM: owner@www.topantispyware[1].txt (ID = 3552)
7:01 PM: Found Spy Cookie: adserver cookie
7:01 PM: owner@z1.adserver[1].txt (ID = 2142)
7:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:01 PM: Starting File Sweep
7:01 PM: Found Adware: winhound spyware remover
7:01 PM: c:\program files\winhound (1 subtraces) (ID = -2147462133)
7:01 PM: c:\documents and settings\owner\application data\winhound.com (11 subtraces) (ID = -2147462035)
7:01 PM: Found Adware: cws_tiny0
7:01 PM: setuperr.log:yfugxm (ID = 204)
7:01 PM: a0065456.dll (ID = 198826)
7:01 PM: iebk32.exe (ID = 204)
7:01 PM: a0065615.dll (ID = 198826)
7:01 PM: a0065272.prx:swaff (ID = 200)
7:01 PM: addrr32.exe (ID = 204)
7:01 PM: a0065608.dll (ID = 198830)
7:01 PM: a0065457.dll (ID = 198827)
7:01 PM: d3wl.exe (ID = 204)
7:01 PM: heur001.dll (ID = 198826)
7:01 PM: a0065514.prx:swaff (ID = 200)
7:01 PM: a0065458.dll (ID = 198828)
7:01 PM: sysos32.exe (ID = 200)
7:01 PM: msdfmap.ini:tltkep (ID = 204)
7:01 PM: a0065455.dll (ID = 198825)
7:01 PM: a0065607.dll (ID = 198829)
7:01 PM: windows update.log:mktemi (ID = 204)
7:01 PM: {fc92def6-b98a-462f-bdec-6f8042f11c76}.dat:cmdboh (ID = 204)
7:01 PM: a0065604.exe (ID = 200)
7:02 PM: a0065743.prx:swaff (ID = 200)
7:02 PM: a0065464.prx:swaff (ID = 200)
7:02 PM: a0065614.dll (ID = 198825)
7:02 PM: a0065616.dll (ID = 198827)
7:02 PM: heur002.dll (ID = 198827)
7:02 PM: ieno32.exe (ID = 204)
7:02 PM: a0065137.prx:swaff (ID = 200)
7:02 PM: a0065160.prx:swaff (ID = 200)
7:02 PM: setup.ico:febbdb (ID = 205)
7:02 PM: a0065140.ico:febbdb (ID = 205)
7:02 PM: a0067333.dll (ID = 205)
7:02 PM: symevent.log:revsog (ID = 200)
7:02 PM: wmsyspr9.prx:swaff (ID = 200)
7:03 PM: a0067474.old:ckocm (ID = 200)
7:03 PM: a0065597.dll (ID = 206115)
7:03 PM: reglocs.old:ckocm (ID = 200)
7:03 PM: a0065275.ico:febbdb (ID = 205)
7:03 PM: a0065591.dll (ID = 206111)
7:04 PM: heur003.dll (ID = 198828)
7:04 PM: a0065609.exe (ID = 198832)
7:04 PM: a0065596.exe (ID = 206114)
7:04 PM: a0065617.dll (ID = 198828)
7:04 PM: heur000.dll (ID = 198825)
7:04 PM: mfcsg.exe (ID = 204)
7:04 PM: atlji.exe (ID = 204)
7:04 PM: a0067473.dll (ID = 205)
7:04 PM: ieqm32.exe (ID = 204)
7:04 PM: msiq32.exe (ID = 204)
7:04 PM: addft.exe (ID = 204)
7:04 PM: a0065624.prx:swaff (ID = 200)
7:04 PM: ntnz32.exe (ID = 204)
7:04 PM: a0065655.prx:swaff (ID = 200)
7:05 PM: kb888302.log:bowpgc (ID = 204)
7:05 PM: a0066189.ini:vusxr (ID = 200)
7:05 PM: a0066236.ini:vusxr (ID = 200)
7:05 PM: kb899588.log:vofiv (ID = 200)
7:05 PM: wmsyspr9.prx:vdmxk (ID = 205)
7:05 PM: greenstone.bmp:usmbxt (ID = 200)
7:05 PM: a0065158.ico:febbdb (ID = 205)
7:05 PM: netxq32.exe (ID = 204)
7:05 PM: d3yg.exe (ID = 204)
7:06 PM: a0065447.dll (ID = 198829)
7:06 PM: d3iv32.exe (ID = 204)
7:06 PM: a0065783.prx:swaff (ID = 200)
7:06 PM: ntlo.exe (ID = 204)
7:06 PM: apivk.exe (ID = 204)
7:06 PM: winsq.exe (ID = 204)
7:06 PM: mssk32.exe (ID = 204)
7:07 PM: heur000.dll (ID = 198825)
7:07 PM: a0066235.ini:zretg (ID = 205)
7:08 PM: atliu.exe (ID = 204)
7:08 PM: d3gv32.exe (ID = 204)
7:08 PM: appvf32.exe (ID = 204)
7:08 PM: a0065794.prx:swaff (ID = 200)
7:08 PM: sysmy.exe (ID = 204)
7:09 PM: sysya.exe (ID = 204)
7:09 PM: msdk32.exe (ID = 200)
7:09 PM: upst.ini:vusxr (ID = 200)
7:10 PM: appoh32.exe (ID = 200)
7:10 PM: nsreg.dat:mmlqgs (ID = 200)
7:10 PM: regopt.log:vcyih (ID = 205)
7:10 PM: heur001.dll (ID = 198826)
7:10 PM: sdkrz32.exe (ID = 204)
7:10 PM: {fc92def6-b98a-462f-bdec-6f8042f11c76}.dat:czelr (ID = 200)
7:10 PM: a0066188.ini:zretg (ID = 205)
7:11 PM: a0065449.exe (ID = 198831)
7:11 PM: mfcfb.exe (ID = 204)
7:16 PM: msjh.exe (ID = 204)
7:16 PM: winmv32.exe (ID = 200)
7:16 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winmv32.exe (ID = 0)
7:16 PM: intell32.exe (ID = 133867)
7:16 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || intell32.exe (ID = 0)
7:16 PM: addcq32.exe (ID = 204)
7:17 PM: ieck32.exe (ID = 204)
7:17 PM: ntqo.exe (ID = 204)
7:17 PM: faxsetup.log:brtwdr (ID = 204)
7:17 PM: Found Adware: coolwebsearch (cws)
7:17 PM: vjseq.dll (ID = 190732)
7:17 PM: sdkih.exe (ID = 204)
7:17 PM: kb828028.log:sodpno (ID = 190732)
7:17 PM: mfckh.exe (ID = 204)
7:17 PM: mszz32.exe (ID = 204)
7:17 PM: kb889293-ie6sp1-20041111.235619.log:wrdgm (ID = 205)
7:17 PM: spysheriff.exe (ID = 198831)
7:17 PM: a0065618.exe (ID = 198831)
7:18 PM: heur002.dll (ID = 198827)
7:20 PM: slingo.ini:zretg (ID = 205)
7:21 PM: heur003.dll (ID = 198828)
7:21 PM: a0066333.dll (ID = 205)
7:21 PM: a0065448.dll (ID = 198830)
7:21 PM: a0065450.exe (ID = 198832)
7:22 PM: a0065442.exe (ID = 200)
7:24 PM: search the web.url (ID = 54454)
7:24 PM: only sex website.url (ID = 54373)
7:24 PM: seven days of free porn.url (ID = 54472)
7:24 PM: credit counseling.url (ID = 130668)
7:24 PM: insurance home.url (ID = 130676)
7:24 PM: mortgage life insurance.url (ID = 130681)
7:24 PM: help desk software.url (ID = 130675)
7:24 PM: ab scissor.url (ID = 130666)
7:24 PM: videos.url (ID = 130694)
7:24 PM: what is hydrocodone.url (ID = 130695)
7:24 PM: online gambling casino.url (ID = 130684)
7:24 PM: refinancing my mortgage.url (ID = 130691)
7:24 PM: debt credit card.url (ID = 130671)
7:24 PM: fha.url (ID = 130673)
7:24 PM: loan for debt consolidation.url (ID = 130677)
7:24 PM: health insurance.url (ID = 130674)
7:24 PM: personal loans online.url (ID = 130688)
7:24 PM: payroll advance.url (ID = 130687)
7:24 PM: marketing email.url (ID = 130679)
7:24 PM: prescription drugs rx online.url (ID = 130690)
7:24 PM: credit report.url (ID = 130669)
7:24 PM: tahoe vacation rental.url (ID = 130692)
7:24 PM: escorts.url (ID = 130672)
7:24 PM: order phentermine.url (ID = 130686)
7:24 PM: mortgage insurance.url (ID = 130680)
7:24 PM: personal loans with bad credit.url (ID = 130689)
7:24 PM: crm software.url (ID = 130670)
7:24 PM: nevada corporations.url (ID = 130682)
7:24 PM: unsecured bad credit loans.url (ID = 130693)
7:24 PM: loan for people with bad credit.url (ID = 130678)
7:24 PM: broadband comparison.url (ID = 130667)
7:24 PM: online betting site.url (ID = 130683)
7:24 PM: online instant loan.url (ID = 130685)
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: 20051213234604.zip (ID = 130666)
7:27 PM: 20051221183657.zip (ID = 54373)
7:27 PM: 20051214142554.zip (ID = 190732)
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid Stream
7:27 PM: Warning: Invalid Stream
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: Warning: Invalid file - not a PKZip file
7:27 PM: File Sweep Complete, Elapsed Time: 00:26:44
7:27 PM: Full Sweep has completed. Elapsed time 00:31:56
7:27 PM: Traces Found: 183
7:28 PM: Removal process initiated
7:29 PM: Quarantining All Traces: cws_ns3
7:29 PM: Quarantining All Traces: psguard
7:29 PM: psguard is in use. It will be removed on reboot.
7:29 PM: intell32.exe is in use. It will be removed on reboot.
7:29 PM: Quarantining All Traces: spysheriff
7:29 PM: Quarantining All Traces: coolwebsearch (cws)
7:29 PM: Quarantining All Traces: cws_tiny0
7:30 PM: cws_tiny0 is in use. It will be removed on reboot.
7:30 PM: msjh.exe is in use. It will be removed on reboot.
7:30 PM: winmv32.exe is in use. It will be removed on reboot.
7:30 PM: Quarantining All Traces: psguard desktop hijacker
7:30 PM: Quarantining All Traces: cws_ns3 hijacker
7:30 PM: Quarantining All Traces: desktop hijacker
7:30 PM: Quarantining All Traces: winhound spyware remover
7:30 PM: Quarantining All Traces: 2o7.net cookie
7:30 PM: Quarantining All Traces: adserver cookie
7:30 PM: Quarantining All Traces: centrport net cookie
7:30 PM: Quarantining All Traces: topantispyware cookie
7:31 PM: Removal process completed. Elapsed time 00:02:47
********
6:54 PM: | Start of Session, Wednesday, December 21, 2005 |
6:54 PM: Spy Sweeper started
6:54 PM: Your spyware definitions have been updated.
6:55 PM: | End of Session, Wednesday, December 21, 2005 |


smitfiles log:


smitRem log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 12/21/2005
The current time is: 20:11:28.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

warnhp.html


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1116 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :thumbsup:

#4 Guest_Cretemonster_*

  • Guests

Posted 22 December 2005 - 04:16 AM

Please go to Add\Remove Programs and Remove

MyWebSearch
WeatherBug
WinHound



Download cwsserviceremove and unzip it to your desktop.
http://ralphcaddell.com/Uploads/cwsserviceremove.zip
Don't run it yet.


About Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the instructions inside the link to update it. We will run it in Safe Mode.


Download CleanUp
Install the program, don't run it yet; we will later.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wer5760.dll
    C:\Documents and Settings\Owner\Desktop\2.dat
    C:\Documents and Settings\Owner\Local Settings\Temp\36C.tmp.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\36D.tmp.exe
    C:\r.exe
    C:\WINDOWS\system32\iebd.exe
    C:\WINDOWS\system32\syslq32.exe
    C:\WINDOWS\SYSTEM32\msblank.html
    C:\WINDOWS\system32\ldr271.dll
    C:\WINDOWS\system32\ldr3.dll
    C:\WINDOWS\system32\ldr323.dll
    C:\WINDOWS\system32\ldr457.dll
    C:\WINDOWS\system32\ldr477.dll
    C:\WINDOWS\system32\ldr48.dll
    C:\WINDOWS\system32\ldr500.dll
    C:\WINDOWS\system32\ldr503.dll
    C:\WINDOWS\system32\ldr537.dll
    C:\WINDOWS\system32\ldr550.dll
    C:\WINDOWS\system32\ldr573.dll
    C:\WINDOWS\system32\ldr60.dll
    C:\WINDOWS\system32\ldr610.dll
    C:\WINDOWS\system32\ldr640.dll
    C:\WINDOWS\system32\ldr744.dll
    C:\WINDOWS\system32\ldr785.dll
    C:\WINDOWS\system32\ldr928.dll
    C:\WINDOWS\system32\ldr959.dll
    C:\WINDOWS\system32\popcorn72.exe
    C:\WINDOWS\system32\run340.exe
    C:\WINDOWS\system32\spoolsrv32.exe
    C:\WINDOWS\system32\srpcsrv32.dll
    C:\WINDOWS\system32\txfdb32.dll
    C:\WINDOWS\system32\upd471.exe
    C:\WINDOWS\system32\upd477.exe
    C:\WINDOWS\system32\upd66.exe
    C:\WINDOWS\system32\upd698.exe
    C:\WINDOWS\system32\upd86.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE (tap F8 when restarting)

After restarting in Safe Mode, configure Windows to show all hidden files and folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...torial=62#winxp


Locate and Delete these folders

C:\Program Files\WinHound

C:\Program Files\MyWebSearchWB

C:\Program Files\AWS


Open HijackThis and put a check by these, but DO NOT hit the Fix Checked button yet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {1F546F48-9AA0-41C6-7850-AD03A47588F8} - C:\WINDOWS\system32\d3md32.dll (file missing)

O2 - BHO: (no name) - {3464B493-879D-43F9-9705-2408BDC95B44} - C:\WINDOWS\system32\kbej.dll (file missing)

O2 - BHO: Class - {6D4A6C94-E61D-8C5B-F1A4-7FD02CF02E42} - C:\WINDOWS\d3hy32.dll (file missing)

O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOWS\system32\wer5760.dll

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run340.exe dummy

O4 - HKLM\..\Run: [iebd.exe] C:\WINDOWS\system32\iebd.exe

O4 - HKLM\..\Run: [36C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe

O4 - HKLM\..\Run: [36D.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe

O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe

O4 - HKLM\..\Run: [36C.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe

O4 - HKLM\..\Run: [36D.tmp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\36D.tmp.exe

O4 - HKLM\..\Run: [syslq32.exe] C:\WINDOWS\system32\syslq32.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

Now make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked button.


Run About Buster just as described in the link!

Please run it until you get these results:

No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY



Double-click the cwsserviceremove.reg file you downloaded at the beginning.
Answer "Yes" when prompted to add the contents to the registry.


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups.
If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp.

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts, go to the Options button (right side of the CleanUp screen).
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional; if you leave the box checked it will remove all of your cookies. At this point, removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Restart normally and have the PC scanned here:
TrojanScan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Now, make sure Spy Sweeper is updated and scan the system once more. Save the session log just as before.


Post back with a fresh HijackThis log and the reports from SpySweeper and TrojanScan
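
The HijackThis lines the reply above asks the poster to check follow a small set of patterns (autoruns pointing into a Temp folder, BHO/toolbar entries whose file is already gone, blanked IE start/search values, services with no identified publisher). The script below is an added example for this thread, not code from HijackThis or from any tool named in the reply: it parses the log format shown on this page and flags those patterns for a reviewer. The sample log is constructed from lines posted in this thread plus two known-good entries; the flag rules are the editor's own triage heuristics, not HijackThis's.

```python
"""Triage helper for HijackThis v1.99-style logs.

Added example for this thread, not code from HijackThis or from any tool the
reply above names. It reads the one-entry-per-line format shown in the logs
(section code, " - ", entry text), counts entries per section and flags the
patterns the reply asked the poster to fix: autoruns launched from a Temp
folder, BHO/toolbar registrations whose file is already gone, blanked IE
start/search values, and services for which HijackThis found no publisher.
Flags are hints for a human reviewer, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One log entry: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [ccApp] ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Autorun targets inside a user's Temp folder, in 8.3 or long-name form.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str  # HijackThis section code: R1, O2, O4, O23, ...
    body: str     # everything after "<section> - "


def parse_log(text: str) -> List[Entry]:
    """Keep only lines that look like entries; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section so a reviewer sees at a glance where the bulk is."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def flag_entry(e: Entry) -> Optional[str]:
    """Return a short reason when the entry matches a triage pattern, else None."""
    if e.section == "O4" and TEMP_RE.search(e.body):
        return "autorun launches an executable from a Temp folder"
    if e.section in ("O2", "O3") and ("(file missing)" in e.body or "(no file)" in e.body):
        return "BHO/toolbar registration whose file is gone (orphaned)"
    if e.section == "R1" and e.body.rstrip().endswith("="):
        return "IE start/search value blanked out"
    if e.section == "O23" and "Unknown owner" in e.body:
        return "service publisher not identified; verify the binary by hand"
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Parse a log and return (section, reason, body) for every flagged entry, in log order."""
    return [(e.section, reason, e.body)
            for e in parse_log(text)
            if (reason := flag_entry(e)) is not None]


# Constructed sample: lines copied from the logs posted in this thread, plus two
# known-good entries (Spybot's SDHelper, Symantec ccApp) to show the flags discriminate.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
O2 - BHO: (no name) - {3464B493-879D-43F9-9705-2408BDC95B44} - C:\WINDOWS\system32\kbej.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [36C.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\36C.tmp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

if __name__ == "__main__":
    print("entries per section:", summarize(parse_log(SAMPLE_LOG)))
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Two design points worth noting. "(no name)" on its own is deliberately not a flag: Spybot's SDHelper BHO in the later log on this page shows up that way and is legitimate, so only the missing-file marker counts. Likewise "Unknown owner" on an O23 line means only that HijackThis found no publisher string; the reply above did not ask for either such service in this thread to be removed, so that flag says "verify", not "delete".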

#5 amorlowski

  • Topic Starter
  • Members
  • 7 posts

Posted 26 December 2005 - 02:22 PM

Ok...from the beginning...WinHound was not present when I went into Add/Remove Programs. I removed all of the Weatherbug stuff it would allow me to, and I removed MyWebSearch. Upon deleting files in HijackThis, 3 of the ones you mentioned were not present:

O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINDOWS\system32\wer5760.dll

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

When I tried to run the TrojanScan, it worked, but did not allow me to copy the report generated, so I downloaded "A-squared" free trial, and ran the thing again. It seemed to give me the same results, which I will post.

Everything else appeared to work as you told me to do it. Here are the logs, and thanks for your help!

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:10:43 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\common files\aol\1102911641\ee\aolssc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.29/aces...s-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.1.46/batt...x-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.48/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.4.0.48/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harv...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.48/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.0.48/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.25/m...g-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/peng...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.37/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popf...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.3.27/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.1.28/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.2.23/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.37/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

SpySweeper Log:

********
1:29 PM: | Start of Session, Monday, December 26, 2005 |
1:29 PM: Spy Sweeper started
1:29 PM: Sweep initiated using definitions version 589
1:29 PM: Starting Memory Sweep
1:33 PM: Memory Sweep Complete, Elapsed Time: 00:04:19
1:33 PM: Starting Registry Sweep
1:33 PM: Found Adware: cws-aboutblank
1:33 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
1:33 PM: HKU\S-1-5-21-2084504255-1730790045-971839963-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
1:33 PM: Registry Sweep Complete, Elapsed Time:00:00:19
1:33 PM: Starting Cookie Sweep
1:33 PM: Found Spy Cookie: centrport net cookie
1:33 PM: owner@centrport[1].txt (ID = 2374)
1:33 PM: Found Spy Cookie: questionmarket cookie
1:33 PM: owner@questionmarket[1].txt (ID = 3217)
1:33 PM: Found Spy Cookie: tribalfusion cookie
1:33 PM: owner@tribalfusion[1].txt (ID = 3589)
1:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:33 PM: Starting File Sweep
1:34 PM: Found Adware: cws_tiny0
1:34 PM: a0067559.exe (ID = 204)
1:34 PM: a0067558.exe (ID = 204)
1:34 PM: a0067557.exe (ID = 204)
1:34 PM: a0067556.exe (ID = 200)
1:34 PM: a0067554.exe (ID = 204)
1:35 PM: a0067522.ini:zretg (ID = 205)
1:37 PM: a0067552.exe (ID = 204)
1:37 PM: a0067551.exe (ID = 204)
1:37 PM: a0067550.exe (ID = 204)
1:37 PM: a0067549.exe (ID = 204)
1:37 PM: a0067548.exe (ID = 204)
1:37 PM: a0067547.exe (ID = 204)
1:38 PM: a0067545.exe (ID = 204)
1:38 PM: a0067544.exe (ID = 204)
1:38 PM: a0067543.exe (ID = 204)
1:38 PM: a0067542.exe (ID = 204)
1:38 PM: a0067541.exe (ID = 204)
1:38 PM: a0067540.exe (ID = 204)
1:38 PM: a0067539.exe (ID = 204)
1:39 PM: a0067532.ini:vusxr (ID = 200)
1:39 PM: a0067546.prx:swaff (ID = 200)
1:39 PM: a0067546.prx:vdmxk (ID = 205)
1:40 PM: a0067538.exe (ID = 204)
1:40 PM: a0067537.exe (ID = 204)
1:40 PM: a0067536.exe (ID = 204)
1:40 PM: a0067535.exe (ID = 204)
1:40 PM: a0067534.exe (ID = 204)
1:41 PM: a0067533.exe (ID = 200)
1:41 PM: a0067531.exe (ID = 200)
1:41 PM: a0067530.exe (ID = 204)
1:42 PM: a0067529.exe (ID = 204)
1:44 PM: a0067553.ico:febbdb (ID = 205)
1:45 PM: a0067555.ini:tltkep (ID = 204)
1:46 PM: a0067518.exe (ID = 204)
1:46 PM: a0067519.exe (ID = 200)
1:46 PM: a0067528.exe (ID = 204)
1:46 PM: a0067527.exe (ID = 204)
1:46 PM: a0067526.exe (ID = 204)
1:46 PM: Found Adware: coolwebsearch (cws)
1:46 PM: a0067521.dll (ID = 190732)
1:46 PM: a0067525.exe (ID = 204)
1:46 PM: a0067524.exe (ID = 204)
1:46 PM: a0067523.exe (ID = 204)
1:52 PM: Found Adware: purityscan
1:52 PM: a0067667.ini (ID = 73333)
1:52 PM: a0067612.ini (ID = 54671)
1:54 PM: File Sweep Complete, Elapsed Time: 00:20:44
1:54 PM: Full Sweep has completed. Elapsed time 00:25:27
1:54 PM: Traces Found: 49
2:02 PM: Removal process initiated
2:02 PM: Quarantining All Traces: cws-aboutblank
2:02 PM: Quarantining All Traces: purityscan
2:02 PM: Quarantining All Traces: coolwebsearch (cws)
2:02 PM: Quarantining All Traces: cws_tiny0
2:02 PM: Quarantining All Traces: centrport net cookie
2:02 PM: Quarantining All Traces: questionmarket cookie
2:02 PM: Quarantining All Traces: tribalfusion cookie
2:02 PM: Removal process completed. Elapsed time 00:00:22

A-squared log:

Filename Diagnosis
C:\!KillBox\run340.exe Trojan-Downloader.Win32.Small.cat
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt Trace.TrackingCookie
C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe Riskware.RiskTool.Win32.Processor.20
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe Adware.BackWeb.a
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Adware.ToolBar.MyWay.j
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe Adware.BackWeb.a
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Riskware.Downloader.Win32.PopCap.c
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll Adware.WildTangent.b
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll Adware.WildTangent.b
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll Adware.WildTangent.b

#6 amorlowski
  • Topic Starter
  • Members

Posted 27 December 2005 - 10:15 PM

I guess I should have also mentioned... most things affected by the spyware seem back to normal!! My background is no longer the flashing white nuisance, and pop-ups regarding SpySheriff are not popping up. Yea! One of my programs keeps telling me it's blocking CWSHomeSearch. Not sure if that's bad. The only other thing I've seen happen (but not since the fixes performed yesterday) is that if I get on the internet straight through Microsoft Explorer (instead of AOL) the computer twice has gone to a porn site (a different site each time) and starts opening up continuous browser windows. It was impossible to stop, except by a hard shutdown. The computer just locked up everything except for opening up more windows - up to 55 before I shut down. Was this related to SpySheriff or something else? Sorry for the rambling, but I am so grateful for all of your help!! Thanks!

#7 Guest_Cretemonster_*
  • Guests

Posted 28 December 2005 - 01:54 PM

Sorry for the delays, I've been a bit under the weather.

Let's see if we can resolve the CWS issues now.

Download the following but please don't run them until I ask.

CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double-click CWShredder.exe to run it >> Click "Check For Update".
Close it out once updated. We will run it in Safe Mode!

Download cwsserviceremove and unzip it to your desktop.
http://ralphcaddell.com/Uploads/cwsserviceremove.zip
Don't run it yet.

About Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the instructions inside the link to update it. We will run it in Safe Mode.


Restart in Safe Mode and Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"

Run About Buster just as described in the link!

Please run it until you get these Results:

No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY


Double-click the cwsserviceremove.reg file you downloaded at the beginning.
Answer "Yes" when prompted to add the contents to the registry.


Restart normally and have the PC scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Open IE and Click Tools-> Internet Options-> Programs and then click "Reset Web Settings"

Now go back and Click the Advanced Tab and then Click "Restore Defaults"

Post back with a fresh HijackThis log and the report from Panda.

#8 amorlowski
  • Topic Starter
  • Members

Posted 03 January 2006 - 08:56 PM

CWShredder and CWSserviceremove showed no CWS files...hmmm. Well, here are the 2 logs you requested. Thanks for all your help. Now I just have to update my computer protection for good. Do you think the "Privacy wall" protection offered by AOL is any good, or would I be better off with Spysweeper for a firewall? Thanks.

Panda Scan:


Incident Status Location

Adware:adware/spysheriff Not disinfected Windows Registry
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr271.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr3.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr323.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr457.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr477.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr48.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr500.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr503.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr537.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr550.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr573.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr60.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr610.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr640.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr744.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr785.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr928.dll
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr959.dll
Adware:Adware/Startpage.AEX Not disinfected C:\!KillBox\popcorn72.exe
Virus:Trj/Agent.AZH Not disinfected C:\!KillBox\r.exe
Adware:Adware/WinHound Not disinfected C:\!KillBox\run340.exe
Adware:Adware/TopSpyware Not disinfected C:\!KillBox\spoolsrv32.exe
Adware:Adware/TopSpyware Not disinfected C:\!KillBox\srpcsrv32.dll
Adware:Adware/TopSpyware Not disinfected C:\!KillBox\txfdb32.dll
Adware:Adware/Startpage.AEX Not disinfected C:\!KillBox\upd471.exe
Adware:Adware/Adsmart Not disinfected C:\!KillBox\upd477.exe
Adware:Adware/Startpage.AEX Not disinfected C:\!KillBox\upd66.exe
Adware:Adware/TopSpyware Not disinfected C:\!KillBox\upd698.exe
Adware:Adware/Adsmart Not disinfected C:\!KillBox\upd86.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr263.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr539.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr743.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr81.dll


Hijackthis scan:
Logfile of HijackThis v1.99.1
Scan saved at 8:47:49 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1102911641\ee\aolssc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102911641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102911641\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.29/aces...s-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.1.46/batt...x-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.48/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.4.0.48/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harv...t-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.4.0.48/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.0.48/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.25/m...g-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/peng...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.4.37/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popf...u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.3.27/sque...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.1.28/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.2.23/peak...s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.41/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.37/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 Guest_Cretemonster_*
  • Guests

Posted 04 January 2006 - 06:09 PM

Using Killbox just as instructed before

Delete these files

C:\WINDOWS\system32\ldr263.dll
C:\WINDOWS\system32\ldr539.dll
C:\WINDOWS\system32\ldr743.dll
C:\WINDOWS\system32\ldr81.dll



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
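Cretemonster's delete list above picks, out of the Panda report in post #8, only the four ldr*.dll files still sitting in C:\WINDOWS\system32 and leaves the copies already under C:\!KillBox alone. The following Python example is added here and is not code from the thread or from any of the tools named in it. It automates that triage for a report in Panda's flat "Incident Status Location" layout: it parses each line, separates file detections already inside the quarantine folder from ones still at a live location, and lists the latter as the remaining work. The embedded sample report is constructed from a few entries of post #8; the quarantine path C:\!KillBox (Killbox's folder as it appears in the thread), the Detection field names, and the assumption that a status is either "Not disinfected" or a single word are assumptions of this example.

```python
"""Added example: triage an antivirus report by file location.

Assumptions (not from the thread): the report uses the flat
"Incident Status Location" layout of the Panda ActiveScan output in post #8,
one detection per line, and files already under the Killbox folder
C:\\!KillBox are copies that were moved aside and need no further action.
"""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the report's layout; entries modelled on post #8.
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/spysheriff Not disinfected Windows Registry
Adware:Adware/WinHound Not disinfected C:\!KillBox\ldr271.dll
Virus:Trj/Agent.AZH Not disinfected C:\!KillBox\r.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr263.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr81.dll
"""

QUARANTINE_DIR = r"C:\!KillBox"  # assumed quarantine folder (Killbox)


class Detection(NamedTuple):
    kind: str       # scanner classification, e.g. "Adware:Adware/WinHound"
    status: str     # e.g. "Not disinfected"
    location: str   # file path, or a non-file location such as "Windows Registry"


# "<kind> <status> <location>": status is the two-word "Not disinfected"
# or, by assumption, any other single word the scanner might print.
LINE_RE = re.compile(r"^(?P<kind>\S+)\s+(?P<status>Not disinfected|\S+)\s+(?P<location>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per report line, skipping the header and blanks."""
    found: list[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Incident"):
            continue
        m = LINE_RE.match(line)
        if m:
            found.append(Detection(m["kind"], m["status"], m["location"]))
    return found


def is_under(path: str, folder: str) -> bool:
    """Case-insensitive test that a Windows path lies inside a folder."""
    root = ntpath.normcase(folder).rstrip("\\") + "\\"
    return ntpath.normcase(path).startswith(root)


def triage(detections: list[Detection], quarantine_dir: str = QUARANTINE_DIR) -> dict:
    """Split detections into quarantined files, live files and non-file locations."""
    quarantined: list[Detection] = []
    live: list[Detection] = []
    other: list[Detection] = []
    for d in detections:
        if not DRIVE_PATH_RE.match(d.location):
            other.append(d)          # e.g. registry entries
        elif is_under(d.location, quarantine_dir):
            quarantined.append(d)    # already moved aside, expected noise
        else:
            live.append(d)           # still at its original location
    return {"quarantined": quarantined, "live": live, "other": other}


def live_paths(detections: list[Detection], quarantine_dir: str = QUARANTINE_DIR) -> list[str]:
    """Sorted, de-duplicated paths that still need action."""
    return sorted({d.location for d in triage(detections, quarantine_dir)["live"]})


def family_counts(detections: list[Detection]) -> Counter:
    """How many detections each scanner classification accounts for."""
    return Counter(d.kind for d in detections)


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    result = triage(dets)
    print(f"{len(result['quarantined'])} detection(s) already under {QUARANTINE_DIR}")
    for path in live_paths(dets):
        print("still live:", path)
    for d in result["other"]:
        print("non-file location:", d.kind, "@", d.location)
```

Run on the constructed sample, it reports the two system32 paths as still live, the two C:\!KillBox entries as already quarantined, and the registry hit separately. The value of the split is the same reasoning post #9 applies by hand: a scanner re-flagging files that sit in a quarantine folder is expected, while anything it finds at a live location is the actual remaining work. The registry entry is deliberately kept apart rather than dropped, since a file-path check says nothing about it.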


#10 amorlowski
  • Topic Starter
  • Members

Posted 04 January 2006 - 10:07 PM

Here's the Kaspersky Scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 04, 2006 22:03:28
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 169175
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 90929
Number of viruses found: 40
Number of infected objects: 354
Number of suspicious objects: 0
Duration of the scan process: 4795 sec

Infected Object Name - Virus Name
C:\!KillBox\ldr263.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr271.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr3.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr323.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr457.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr477.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr48.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr500.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr503.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr537.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr539.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr550.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr573.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr60.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr610.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr640.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr743.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr744.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr785.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr81.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr928.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\ldr959.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\popcorn72.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\!KillBox\run340.exe Infected: Trojan-Downloader.Win32.Small.cat
C:\!KillBox\spoolsrv32.exe Infected: not-a-virus:AdWare.Win32.FindSpy.e
C:\!KillBox\srpcsrv32.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\!KillBox\txfdb32.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\!KillBox\upd471.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\!KillBox\upd477.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\!KillBox\upd66.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\!KillBox\upd698.exe Infected: Trojan-Dropper.Win32.Small.zp
C:\!KillBox\upd86.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j
C:\Program Files\Norton AntiVirus\Quarantine\002F2E13.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\00646027.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\00767D41.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\02076687.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\02185A57.exe Infected: Trojan-Proxy.Win32.Mitglieder.ct
C:\Program Files\Norton AntiVirus\Quarantine\02185A57.htm Infected: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton AntiVirus\Quarantine\035C2889.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\04407941.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\044D0C1A.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\05240C50.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\05AD4A34.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\064E3DA2.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\07D11F24.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\08651EF8.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\08D02B21.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\08F91ECC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\098D1EA0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\09934FE0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\09F1646E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0A051C8B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0A201E74.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0AB41E48.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0AEB41BB.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0AFA0C66.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0B481E1C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0B84783B Infected: Exploit.HTML.DragDrop
C:\Program Files\Norton AntiVirus\Quarantine\0B8E261E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0BDF405C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0BF41C26.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0BF67E1D.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0C701DC4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0D041D98.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0D7039E7.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0D922CF0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0D981D6C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0EC01D14.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0F541CE8.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0F887968.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\0FE81CBB.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\107B1C8F.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\110F1C63.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\11790387.tmp Infected: Exploit.VBS.Phel.i
C:\Program Files\Norton AntiVirus\Quarantine\11977D66.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\11977D66.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\11977D66.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\11977D66.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\11D53EC5.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\121A5E62.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\14513DB5.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\14B908D4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\16274DBA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\16782C90.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\176A4E45.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\17845824.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\193A305E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\1D4D08CE.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\1DFE3356.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\1E0B5324.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1E1B2512.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1E1B2512.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\1E1B2512.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1E1B2512.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\1E2C7700.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1F5676D4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\200B5B09.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\203C1016.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\205B025A.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\208B5CD1.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\208E06CE.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\209230CA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20955AC6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\209804C3.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\209C2EBF.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\209F58BC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20A202B8.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20A52CB4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20A956B1.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20AC00AD.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20AF2AAA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20B254A6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20B67EA2.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20B9289F.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20BC529B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\20BF7C98.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\215E53FC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\22D12A67.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\22DE1E6E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2306409E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\23151423.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\23343623.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\23FA5626 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\249F2D17.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\25086CA4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\25576154.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\26657754.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\277B5456.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\297F6A59.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2A084007.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2A2627E6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2A2D1C82.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2AF06C26.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2BDA6825 Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\2C496E3F Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\2C536C34 Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\2D8F3587.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2E9B2651.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2EA55022.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2F0B4629.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\2F4E317D.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\30147577.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\304D0175.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\31547867.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\31BC48C9.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\324C2164.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\33441BBD.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\334B715C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3384375E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\344A4154.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3549114C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\35805398.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\35805398.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\35805398.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\35805398.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\36486144.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\364E1C77.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\368922EC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\36F57945.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\37827E34.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\37DD3E31.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A1C5675.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A350C20.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A653B2C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A656DB9.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A726E2A.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3A9C0228.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3AC30A9F.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3BFD1F08.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BFD1F08.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BFD1F08.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3BFD1F08.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3C2F198D.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3CA04E71.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3CBA0ED0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3D49339E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3DA43A81.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3DD67D13.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar/web.exe Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3DDD236A.jar Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3DE14D67.htm Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\3E5739E8.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3FA13030.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\3FBD7DE1.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\3FC127DD.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\41473EFA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\41853FB5.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\42771108.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\42EB0D5E.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\45C6481F.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\45E63E53.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\462C3E26.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\48980EBA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\48A511B0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\48D61E74.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\48E20361.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\493277B1 Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\4DEF67FA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\4E9F0599.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\4EBE5B70.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\4FC663AC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\50FA7158.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\51B02631.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\51BC7A25.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\51F93BC7.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\525D7621.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\550B77F1.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\551543DE.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\56DF71CD.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\56E635A8.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\58AD2DFC.exe Infected: Trojan-Downloader.Win32.Agent.zx
C:\Program Files\Norton AntiVirus\Quarantine\58D249EE.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58D249EE.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\58D249EE.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\58D249EE.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\599934D5.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\59FD123B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5AC87A29.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5BC245CC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5D0976BC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5D24765A.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5D4D3624.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\5F3D7CE3.dll Infected: Trojan.Win32.StartPage.acn
C:\Program Files\Norton AntiVirus\Quarantine\5F4126DF.exe Infected: Trojan-Dropper.Win32.Agent.abu
C:\Program Files\Norton AntiVirus\Quarantine\5F4450DC.dll Infected: Virus.Win32.Nsag.b
C:\Program Files\Norton AntiVirus\Quarantine\5F477AD8.exe Infected: Trojan-Dropper.Win32.Agent.abu
C:\Program Files\Norton AntiVirus\Quarantine\5F4A24D4.exe Infected: Backdoor.Win32.Padodor.ax
C:\Program Files\Norton AntiVirus\Quarantine\5F5422CA.dat Infected: Trojan-Downloader.Win32.Delf.us
C:\Program Files\Norton AntiVirus\Quarantine\5F5422CA.exe Infected: Trojan-Downloader.Win32.Delf.us
C:\Program Files\Norton AntiVirus\Quarantine\5F5E20BF.dat Infected: Trojan-Downloader.Win32.Delf.us
C:\Program Files\Norton AntiVirus\Quarantine\5F5E20BF.exe Infected: Trojan-Downloader.Win32.Delf.us
C:\Program Files\Norton AntiVirus\Quarantine\60471FBB.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\607A38A3.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\61336C82.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\62AF7D10.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\641A3AAD.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\657E0AEA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\66F06EBA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\675B3C71.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\68984682.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\68B448AA.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\68DD7222.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\68EE5E38.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\69D04F0B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\69DA08D6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\69DB74FA.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\6A3D2C48.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\6A8A578C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6ACC7E58.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6B450835.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6BC232E2.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6C4068CF.exe Infected: Backdoor.Win32.Padodor.ax
C:\Program Files\Norton AntiVirus\Quarantine\6CEF70E9 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\6CF21AE5 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\6D0718C7.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6D0D6CC0.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6D5C6113.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6ECF4981.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6F6124A0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6F7D0273.tmp Infected: Exploit.VBS.Phel.i
C:\Program Files\Norton AntiVirus\Quarantine\6F94285A.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6F94285A.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6F94285A.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\6F94285A.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\6FCE1979.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\6FED015A.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\70030091.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\70CD6971.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\70F02107.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\71CC3968.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\72CB0960.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7319634B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\734C3DA6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\73B73038.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\73CA5958.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\73FE4C88.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\74012D5F.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\74622E60.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\746D1B3B.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\746D2E21.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\74CA2950.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\74D32428.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\75527024 Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\75C97948.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\76034549.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\76B91C62.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\76C84940.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\76C96E50.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\780E17B6.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\78107303.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\798455A4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\79A52B2B.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\79B57D19.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\7B195D91.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\7B292F7F.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\7C1B72F0.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7C1F62E4.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7CFE5206.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7F3044FF.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7F3F1B3C.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7F4157DC.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7F457526.ani Infected: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\7FFE6A20.ani Infected: Exploit.Win32.IMG-ANI.c
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP462\A0065445.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP467\A0067520.exe Infected: Trojan-Downloader.Win32.Small.vu
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP467\A0067636.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP467\A0067637.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP467\A0069759.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP467\A0069760.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069845.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069880.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069881.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069882.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069883.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069884.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069885.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069886.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069887.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069888.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069889.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069890.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069891.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069892.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069893.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069894.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069895.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069896.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069897.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069898.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069899.exe Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069900.exe Infected: not-a-virus:AdWare.Win32.FindSpy.e
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069901.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069902.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069903.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069904.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069905.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069906.exe Infected: Trojan-Dropper.Win32.Small.zp
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069907.exe Infected: Trojan-Downloader.Win32.Small.bpz
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070347.exe Infected: Trojan-Downloader.Win32.Agent.zx
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070397.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070398.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070399.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070400.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.c
C:\WINDOWS\system32\dial32.exe Infected: Trojan.Win32.Dialer.ay
C:\WINDOWS\system32\sdfdil.exe Infected: Trojan.Win32.Dialer.ay
C:\WINDOWS\system32\winctrl64.exe Infected: Trojan-Downloader.Win32.Small.awa

Scan process completed.
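Most of the hits in the scan output above are not on the running system at all: they are copies that Windows XP System Restore tucked away under `C:\System Volume Information\_restore{...}\RPnnn\`, which is exactly why the helper's procedure disables System Restore and then re-enables it to flush those restore points. As an added example (not code from the thread or from any scanner), the small Python triage helper below parses lines in the same `path Infected: detection` format, separates live-system detections from restore-point copies, flags `not-a-virus:` riskware, and tallies detection families. The sample input is constructed from a few of the lines quoted above; the function names and the regexes are my own.

```python
"""Triage helper for 'path Infected: detection' scan output (added example)."""
import re
from collections import Counter

# Constructed sample: a handful of lines in the same format as the scan log
# quoted in the thread, plus the trailing status line.
SAMPLE_SCAN_OUTPUT = r"""
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP468\A0069886.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP472\A0070347.exe Infected: Trojan-Downloader.Win32.Agent.zx
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.c
C:\WINDOWS\system32\dial32.exe Infected: Trojan.Win32.Dialer.ay
C:\WINDOWS\system32\sdfdil.exe Infected: Trojan.Win32.Dialer.ay
C:\WINDOWS\system32\winctrl64.exe Infected: Trojan-Downloader.Win32.Small.awa

Scan process completed.
"""

# One detection per line: "<path> Infected: <detection name>"
HIT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<detection>\S+)\s*$")
# Restore-point copies live under <drive>\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE
)


def parse_scan_output(text):
    """Return one dict per detection line; status and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        detection = m.group("detection")
        rp = RESTORE_RE.search(path)
        hits.append({
            "path": path,
            "detection": detection,
            # Kaspersky-style scanners prefix adware/dialers/downloaders that are
            # not malware proper with "not-a-virus:"; keep that flag for triage.
            "riskware": detection.lower().startswith("not-a-virus:"),
            "restore_point": rp.group(1) if rp else None,
        })
    return hits


def live_hits(hits):
    """Detections on the running system (anything not inside a restore point)."""
    return [h for h in hits if h["restore_point"] is None]


def restore_point_counts(hits):
    """How many infected copies each restore point holds."""
    return Counter(h["restore_point"] for h in hits if h["restore_point"])


def family_counts(hits):
    """Detections by family, e.g. 'Trojan.Win32.Dialer' (variant suffix dropped)."""
    return Counter(h["detection"].rsplit(".", 1)[0] for h in hits)


if __name__ == "__main__":
    hits = parse_scan_output(SAMPLE_SCAN_OUTPUT)
    print(f"{len(hits)} detections, {len(live_hits(hits))} on the live system")
    for h in live_hits(hits):
        tag = " (riskware)" if h["riskware"] else ""
        print(f"  {h['path']}  <-  {h['detection']}{tag}")
    print("restore points holding infected copies:", dict(restore_point_counts(hits)))
    print("families:", dict(family_counts(hits)))
```

The live-system list is the one that needs hands-on cleanup (the three `system32` files the helper sends to Killbox in the next post); the restore-point tally shows what a single disable/re-enable of System Restore will discard without touching each file.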

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 05 January 2006 - 04:43 PM

Go to Add\Remove Programs and Remove MyWay Search Bar


Use Killbox once more and delete these files

C:\WINDOWS\system32\dial32.exe
C:\WINDOWS\system32\sdfdil.exe
C:\WINDOWS\system32\winctrl64.exe



Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#12 amorlowski

amorlowski
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE

Posted 20 January 2006 - 10:15 PM

Sorry it's been so long... I've been away for 2 weeks. I followed your instructions. The only thing I couldn't do was remove a MyWay Search bar. The only thing like that I see in my Add/Remove Programs is a WeatherBug Browser Companion - powered by MySearch. But it won't let me remove it because "The specified module could not be found." Otherwise, things seem to be working okay. Thanks for all of your help. You're the best!

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 22 January 2006 - 08:26 AM

Sounds good to me!

Go ahead and Re-enable System Restore and restart the PC, this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates at least twice a week


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :thumbsup:



