
Problems With Computer


This topic is locked
33 replies to this topic

#1 brad1

brad1

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 13 June 2006 - 07:54 PM

Hi!
I'm having lots of problems with my computer and I think that it has a virus. Can someone here help me? Please and Thank You.

Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:02 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kazaa\kazaa.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\NEWACC~1.COM\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] c:\\newname25.exe
O4 - HKLM\..\Run: [defender] c:\\defender26.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard25.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\kqdsl1.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\ZLORT4AS.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9zZWY\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks
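As an added example (not code from the thread, from HijackThis, or from any of the tools named in it), here is a small Python triage script that applies defender-side heuristics to the kinds of entries seen in the log above: an extra program chained onto the Shell= or UserInit= lines, autoruns with no path or sitting in a drive or Windows root, hooks whose module is missing or loads from the Windows root, Trusted Zone additions, and a system binary name running outside System32. The sample log lines are constructed to mirror the posted log, and the directory and name lists are my assumptions.

```python
import re

# Added example (not from the thread): defender-side triage of a HijackThis v1.99 log.
# Heuristics are tuned to the entry types in the posted log; sample lines are constructed.

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}        # assumed
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe"}
EXPECTED_F2 = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll))"?', re.IGNORECASE)

def split_path(p):
    """(dir, basename) of a Windows path, lower-cased, doubled backslashes collapsed."""
    p = p.strip().lower().replace("\\\\", "\\")
    head, sep, tail = p.rpartition("\\")
    return (head if sep else None, tail)

def check_process(path):
    """A well-known system binary name running from anywhere but System32 is suspect."""
    d, name = split_path(path)
    if name in SYSTEM_NAMES and d not in SYSTEM_DIRS:
        return "system binary name running outside System32"
    return None

def check_f2(body):
    """Shell= and UserInit= should each name exactly one expected program."""
    m = re.match(r"REG:system\.ini: (\w+)=(.*)", body)
    if not m or m.group(1).lower() not in EXPECTED_F2:
        return None
    key = m.group(1).lower()
    progs = [split_path(x)[1] for x in m.group(2).split(",") if x.strip()]
    extra = [p for p in progs if p not in EXPECTED_F2[key]]
    return f"extra program chained to {m.group(1)}=: {', '.join(extra)}" if extra else None

def check_o4(body):
    """Autoruns with no path, or living in a drive/Windows root, are suspect."""
    label, _, rest = body.partition(": ")
    if label == "Global Startup":
        if " = " not in rest:  # a real executable, not a .lnk, dropped in the Startup folder
            return "executable placed directly in the Startup folder"
        rest = rest.split(" = ", 1)[1]
    else:
        rest = rest.split("] ", 1)[-1]  # strip the "[name] " label of a Run entry
    m = EXE_RE.match(rest)
    if not m:
        return None
    d, _ = split_path(m.group(1))
    if d is None:
        return "autorun with no path (resolved via search order)"
    if d in {"c:", r"c:\windows"}:
        return "autorun executable in drive root or Windows root"
    return None

def check_hook(body):
    """O2/O3/O20: module missing, or a DLL sitting directly in the Windows root."""
    target = body.rsplit(" - ", 1)[-1]
    if "(no file)" in target or "(file missing)" in target:
        return "hook references a missing module"
    d, _ = split_path(target)
    return "module loads from Windows root" if d == r"c:\windows" else None

CHECKS = {"F2": check_f2, "O4": check_o4, "O2": check_hook, "O3": check_hook,
          "O20": check_hook, "O15": lambda body: "site added to Trusted Zone"}

def triage(log_text):
    """Return [(line, reason)] for every log line a heuristic flags."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            reason = CHECKS.get(m.group("kind"), lambda body: None)(m.group("body"))
        elif re.match(r"^[a-z]:\\", line, re.IGNORECASE):  # "Running processes" section
            reason = check_process(line)
        else:
            reason = None
        if reason:
            hits.append((line, reason))
    return hits

SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\svchost.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] c:\\newname25.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: svchost.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\kqdsl1.dll (file missing)
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Only the two legitimate lines in the sample (the System32 svchost.exe and the HP shortcut) come back clean; every other line is flagged with its reason.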

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:05:24 AM

Posted 14 June 2006 - 08:12 AM

Hello,

First of all, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move HijackThis.exe into it. The reason is that HijackThis creates backups, and when it's in your temp folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

Please perform my steps in exactly the same order as I describe!

First of all, uninstall Kazaa, because Kazaa is bundled with spyware.
Also uninstall the following:

The Best Offers /Tbonin
Registry Cleaner Trial
Toolbar888


* Download AlcanShorty from here.
  • Click the download button below and agree to download the fix.
  • Download Alcanshorty to your desktop.
  • Double-click alcanshorty_en.exe and click Install
  • This will create a new folder on your desktop called alcanshorty_en
  • Open that folder and doubleclick Run.bat
  • Once the fix starts, your icons and desktop will disappear, this is normal.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it,
because alcanshorty needs to download some additional files to let the tool run properly.
  • Wait for the complete script execution box to popup and press OK.
  • Press exit to terminate the BFU program.
* Download Combofix.zip
Unzip it to its own folder.
Read here how to unzip/extract properly.
Open the Combofix folder and doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 14 June 2006 - 07:29 PM

Sorry to bother you, but when I click on Run.bat it doesn't come. Sorry.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:05:24 AM

Posted 15 June 2006 - 12:21 AM

Do you get any error when you click run.bat? What does it say in the DOS window on top? Or does run.bat just open very quickly and close again?
Let me know first.

Ok, let's try it in another way..

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute' window you'll see a little icon, as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'
In the field, copy and paste the following URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from the above URL (right-click on it and choose 'Save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute' window.
Browse to the script you downloaded and click OK and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

then perform the other steps.

Edited by miekiemoes, 15 June 2006 - 12:23 AM.


#5 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 15 June 2006 - 06:26 PM

ComboFix.txt log

(((((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{B034BE74-0778-4403-AF1B-8CEB361CE71B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B034BE74-0778-4403-AF1B-8CEB361CE71B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B034BE74-0778-4403-AF1B-8CEB361CE71B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B034BE74-0778-4403-AF1B-8CEB361CE71B}\InprocServer32]
@="C:\\WINDOWS\\system32\\ZLORT4AS.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{20E8B174-5871-4F94-9A96-69150DB72F75}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{20E8B174-5871-4F94-9A96-69150DB72F75}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{20E8B174-5871-4F94-9A96-69150DB72F75}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{20E8B174-5871-4F94-9A96-69150DB72F75}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdsl1.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E696C269-BDE6-46D5-95C3-644EBDA355D5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E696C269-BDE6-46D5-95C3-644EBDA355D5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E696C269-BDE6-46D5-95C3-644EBDA355D5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E696C269-BDE6-46D5-95C3-644EBDA355D5}\InprocServer32]
@="C:\\WINDOWS\\system32\\vpwwdm32.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\WJHISN.DLL
C:\WINDOWS\SYSTEM32\WBWFAXUI.DLL
C:\WINDOWS\SYSTEM32\WAISCMGR.DLL
C:\WINDOWS\SYSTEM32\VPWWDM32.DLL
C:\WINDOWS\SYSTEM32\HRR405~1.DLL
C:\WINDOWS\system32\guard.tmp


Granting SeDebugPrivilege to Administrators ... successful
19:16:56.73


(((((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))

19:16:57.75

Qoologic uninstaller found and executed
Registry entries fixed


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Yoseph\Application Data\Sskknwrd.dll
C:\Documents and Settings\Yoseph\Application Data\Sskcwrd.dll
C:\Documents and Settings\Yoseph\Application Data\Sskdmns.dll
C:\Documents and Settings\Yoseph\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Guest\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Yosef\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\new account.COMPUTER-613\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\new account.COMPUTER-613\Application Data\Sskknwrd.dll
C:\Documents and Settings\new account.COMPUTER-613\Application Data\Sskuknwrd.dll
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Prefetch\SSKUPDATER3.EXE-25B6D7E3.pf
C:\WINDOWS\SYSTEM32\BK.EXE


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



19:18:57.17
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\new account.COMPUTER-613\Local Settings\Temp\Temporary Internet Files\Content.IE5\H150CPWD\drsmartload[1].exe
C:\WINDOWS\defender1.exe
C:\WINDOWS\teller2.chk
C:\warebundle.exe
C:\WINDOWS\MTE3NDI6ODoxNg.exe
C:\WINDOWS\warebundle.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\WINDOWS\WW9zZWY


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-15 19:09:26 0 ( A.... ) "C:\WINDOWS\ms038529422172006.exe"
2006-06-15 18:30:56 0 ( A.... ) "C:\WINDOWS\win32082217852942006.exe"
2006-06-15 18:20:50 245760 ( A.... ) "C:\WINDOWS\system32\cemetrix.dll"
2006-06-15 18:19:34 69632 ( A.... ) "C:\WINDOWS\system32\fcbhodnn.dll"
2006-06-15 18:19:34 33012 ( A.... ) "C:\WINDOWS\system32\tpuninstall.exe"
2006-06-15 18:19:34 ( .D... ) "C:\Program Files\FCAdvice"
2006-06-15 18:19:20 69632 ( A.... ) "C:\WINDOWS\system32\nfaolfkm.dll"
2006-06-15 18:19:16 ( .D... ) "C:\Program Files\AXVenore"
2006-06-15 18:18:08 ( .D... ) "C:\Program Files\SDVita"
2006-06-15 18:18:00 69632 ( A.... ) "C:\WINDOWS\system32\aljgflmi.dll"
2006-06-15 18:17:44 1150976 ( A.... ) "C:\WINDOWS\system32\rlvknlg.exe"
2006-06-15 18:17:44 303104 ( A.... ) "C:\WINDOWS\system32\rlls.dll"
2006-06-15 18:17:44 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-06-15 18:16:16 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-15 18:16:10 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-06-15 18:16:02 389632 ( A.... ) "C:\webnexmk.exe"
2006-06-15 18:15:16 ( .D... ) "C:\Program Files\whInstall"
2006-06-15 18:14:50 174669 ( A.... ) "C:\WINDOWS\srvayxtatf.exe"
2006-06-15 18:14:50 ( .D... ) "C:\Program Files\PECarlin"
2006-06-15 18:14:40 362496 ( A.... ) "C:\526_620.exe"
2006-06-15 18:14:04 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-06-15 18:11:44 217088 ( A.... ) "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-15 18:11:44 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-15 18:11:44 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-15 18:11:44 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-15 18:11:44 28672 ( A.... ) "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-15 18:11:44 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-06-15 18:11:44 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-06-15 18:11:44 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-06-15 18:11:42 30208 ( A.... ) "C:\SS1001.exe"
2006-06-15 18:11:30 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-06-15 18:11:20 139264 ( A.... ) "C:\WINDOWS\ms05294221785.exe"
2006-06-15 18:11:10 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-06-15 18:11:10 52104 ( A.... ) "C:\WINDOWS\pf79.exe"
2006-06-15 18:11:10 ( .D... ) "C:\Program Files\Internet Optimizer"
2006-06-15 18:11:04 467968 ( A.... ) "C:\visfx500.exe"
2006-06-15 18:08:40 36865 ( A.... ) "C:\WINDOWS\wallp2.exe"
2006-06-15 18:08:32 959 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-06-15 18:08:32 959 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-06-15 18:08:18 45059 ( A.... ) "C:\ZIGID003.exe"
2006-06-14 19:24:50 2 ( A.... ) "C:\WINDOWS\system32\wnsapisv.exe"
2006-06-14 19:24:48 81920 ( A.... ) "C:\WINDOWS\system32\mshta.dll"
2006-06-14 19:24:46 ( .D... ) "C:\Program Files\?racle"
2006-06-14 19:23:06 418445 ( A.... ) "C:\Mendoza1.exe"
2006-06-14 19:21:22 ( .D... ) "C:\Program Files\ToolBar888"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\Common Files\qugyd.html"
2006-06-04 15:36:02 197120 ( A.... ) "C:\WINDOWS\system32\The Break-Up.scr"
2006-06-04 11:05:14 32768 ( A.... ) "C:\WINDOWS\gcllaans.exe"
2006-06-03 13:04:18 0 ( A.... ) "C:\WINDOWS\b.exe"
2006-06-01 16:50:04 1159168 ( A.... ) "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-01 16:49:52 36864 ( A.... ) "C:\WINDOWS\system32\nr1rnqm8.exe"
2006-06-01 15:37:32 143360 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-01 12:13:54 ( .D... ) "C:\Program Files\EA Games"
2006-05-30 20:05:24 102400 ( A.... ) "C:\WINDOWS\cfg32r.dll"
2006-05-30 20:05:22 110592 ( A.... ) "C:\WINDOWS\cfg32o.dll"
2006-05-30 20:05:22 45056 ( A.... ) "C:\WINDOWS\cfg32s.dll"
2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"
2006-05-28 23:01:12 ( .D... ) "C:\Program Files\LimeWire"
2006-05-26 17:10:56 841822 ( A.... ) "C:\WINDOWS\MM Screensaver.scr"
2006-05-26 17:10:56 45056 ( A.... ) "C:\WINDOWS\NCUNINST.EXe"
2006-05-24 23:02:10 ( .D... ) "C:\Program Files\Common Files\SWF Studio"
2006-05-24 23:02:02 40960 ( A.... ) "C:\WINDOWS\NCLAUNCH.EXe"
2006-05-22 19:52:16 ( .D... ) "C:\Program Files\thriXXX"
2006-05-22 18:13:56 ( .D... ) "C:\Program Files\PartyPoker"
2006-05-17 02:20:56 17 ( A.... ) "C:\Program Files\d.bat"
2006-05-14 11:02:14 ( .D... ) "C:\Program Files\Common Files\WinAntiVirus Pro 2006"
2006-05-14 10:54:10 ( .D... ) "C:\Program Files\webHancer"
2006-05-14 10:53:32 30208 ( A.... ) "C:\WINDOWS\SS1001.exe"
2006-05-14 10:53:22 14848 ( A.... ) "C:\WINDOWS\stub_113_4_0_4_0.exe"
2006-05-13 15:06:00 ( .D... ) "C:\Program Files\Common Files\simtest"
2006-05-13 15:06:00 ( .D... ) "C:\Program Files\Common Files\misc001"
2006-05-13 13:03:08 ( .D... ) "C:\Program Files\Common Files\Java"
2006-05-13 10:44:48 32768 ( A.... ) "C:\WINDOWS\lnulmxum.exe"
2006-05-12 15:57:38 183296 ( A.S.. ) "C:\WINDOWS\NDNuninstall7_22.exe"
2006-05-12 15:57:24 32768 ( A.... ) "C:\WINDOWS\stdaqepb.exe"
2006-05-12 15:55:02 542720 ( A.... ) "C:\503_617.exe"
2006-05-12 15:54:26 290816 ( A.... ) "C:\WINDOWS\installerwnus.exe"
2006-05-12 15:54:14 50688 ( A.S.. ) "C:\WINDOWS\NDNuninstall6_38.exe"
2006-05-12 15:54:10 ( .D... ) "C:\Program Files\Common Files\s?stem"
2006-05-12 15:54:10 ( .D... ) "C:\Program Files\Common Files\riqr"
2006-05-12 15:54:08 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-05-12 15:53:24 20480 ( A.... ) "C:\stub_venthh.exe"
2006-05-12 15:52:48 ( .D... ) "C:\Program Files\Snowball Wars"
2006-05-12 15:52:46 310122 ( A.... ) "C:\Trelew.exe"
2006-05-11 22:24:20 10 ( A.... ) "C:\WINDOWS\smdat32m.sys"
2006-05-11 22:06:08 ( .D... ) "C:\Program Files\Symantec"
2006-05-10 20:32:14 32768 ( A.... ) "C:\WINDOWS\chstixem.exe"
2006-05-10 20:25:18 397312 ( A.... ) "C:\WINDOWS\cfg32p.dll"
2006-05-10 20:23:20 139264 ( A.... ) "C:\WINDOWS\win3208221785294.exe"
2006-05-10 20:22:54 467968 ( A.... ) "C:\WINDOWS\visfx500.exe"
2006-05-10 20:21:38 ( .D... ) "C:\Program Files\Windows"
2006-05-04 00:26:22 5818784 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-05-02 17:45:22 57344 ( A.... ) "C:\WINDOWS\system32\SDRunner.dll"
2006-04-19 16:09:20 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-04-19 16:09:20 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-04-19 16:09:20 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-04-19 16:09:20 619156 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-04-18 18:34:58 421888 ( ..... ) "C:\WINDOWS\system32\pxdrv.dll"
2006-04-18 18:34:58 372736 ( ..... ) "C:\WINDOWS\system32\px.dll"
2006-04-18 18:34:58 172032 ( ..... ) "C:\WINDOWS\system32\pxmas.dll"
2006-04-18 18:34:58 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-04-18 18:34:58 61440 ( ..... ) "C:\WINDOWS\system32\pxhpinst.exe"
2006-04-18 18:34:58 56320 ( ..... ) "C:\WINDOWS\system32\pxinsa64.exe"
2006-04-18 18:34:56 339968 ( ..... ) "C:\WINDOWS\system32\pxwave.dll"
2006-04-18 18:31:14 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-04-18 18:31:14 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-04-18 18:30:58 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-04-18 18:30:30 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-04-18 18:30:28 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-04-18 18:30:28 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-04-18 18:30:28 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-04-18 18:30:28 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-04-18 18:30:28 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-04-18 18:30:28 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-04-18 18:30:28 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-04-18 18:30:24 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-04-18 18:30:14 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-04-10 14:37:12 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-04-06 10:54:38 73728 ( A.... ) "C:\WINDOWS\system32\asuninst.exe"
2006-03-30 05:16:04 1492480 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-03-29 21:00:14 16384 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-03-23 16:32:42 3053568 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-03-23 12:43:56 139264 ( A.... ) "C:\WINDOWS\win3207422178529.exe"
2006-03-23 12:43:56 139264 ( A.... ) "C:\WINDOWS\gege15x.exe"
2006-03-21 20:38:44 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll"
2006-03-19 11:25:36 197120 ( A.... ) "C:\WINDOWS\system32\stay_alive_screensaver.scr"
2006-03-18 07:09:38 613376 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-03-17 05:07:18 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-03-17 00:03:54 8452096 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-03-16 20:38:02 28672 ( ..... ) "C:\WINDOWS\system32\verclsid.exe"
2005-10-17 23:33:38 52603 ( A.... ) "C:\Program Files\channels.new"
2005-10-17 23:33:36 131072 ( A.... ) "C:\Program Files\uninstall.exe"
2005-10-17 23:33:36 32768 ( A.... ) "C:\Program Files\ExportText.dll"
2005-10-17 23:33:36 637 ( A.... ) "C:\Program Files\uninstall.dat"
2005-10-17 23:33:34 3098100 ( A.... ) "C:\Program Files\Client01.exe"
2005-10-17 23:33:34 872448 ( A.... ) "C:\Program Files\libeay32.dll"
2005-10-17 23:33:34 413696 ( A.... ) "C:\Program Files\js32.dll"
2005-10-17 23:33:34 344600 ( A.... ) "C:\Program Files\channels"
2005-10-17 23:33:34 228082 ( A.... ) "C:\Program Files\usa.dgl"
2005-10-17 23:33:34 228082 ( A.... ) "C:\Program Files\lang.dgl"
2005-10-17 23:33:34 225280 ( A.... ) "C:\Program Files\Network.dll"
2005-10-17 23:33:34 193749 ( A.... ) "C:\Program Files\lang.dg2"
2005-10-17 23:33:34 159744 ( A.... ) "C:\Program Files\ssleay32.dll"
2005-10-17 23:33:34 90112 ( A.... ) "C:\Program Files\Client.exe"
2005-10-17 23:33:34 77824 ( A.... ) "C:\Program Files\gmdc.dll"
2005-10-17 23:33:34 73728 ( A.... ) "C:\Program Files\GMSpeech.dll"
2005-10-17 23:33:34 69632 ( A.... ) "C:\Program Files\liXML.dll"
2005-10-17 23:33:34 57344 ( A.... ) "C:\Program Files\dglog.dll"
2005-10-17 23:33:34 53248 ( A.... ) "C:\Program Files\bs.dll"
2005-10-17 23:33:34 38769 ( A.... ) "C:\Program Files\lang.h"
2005-10-17 23:33:34 32768 ( A.... ) "C:\Program Files\litsv.dll"
2005-10-17 23:33:34 15400 ( A.... ) "C:\Program Files\releasenotes.dat"
2005-10-17 23:33:34 10592 ( A.... ) "C:\Program Files\tlcats.dat"
2005-10-17 23:33:34 8459 ( A.... ) "C:\Program Files\keywords"
2005-10-17 23:33:34 4178 ( A.... ) "C:\Program Files\paths.dat"
2005-10-17 23:33:34 2974 ( A.... ) "C:\Program Files\keys"
2005-10-17 23:33:34 2269 ( A.... ) "C:\Program Files\hotlinks"
2005-10-17 23:33:34 1074 ( A.... ) "C:\Program Files\category"
2005-10-17 23:33:34 151 ( A.... ) "C:\Program Files\region.dat"
2005-10-17 23:33:34 109 ( A.... ) "C:\Program Files\GMSpeech.INI"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KAZAA"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"{C2-2C-C0-0E-ZN}"="C:\\windows\\system32\\pkdsregr.exe GID003"
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"sys02785294221"="C:\\WINDOWS\\sys02785294221.exe"
"ms05294221785"="C:\\WINDOWS\\ms05294221785.exe"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Hhl7RfpJ"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""
"wvwqdvuA"="C:\\WINDOWS\\wvwqdvuA.exe"
"w009787f.dll"="RUNDLL32.EXE w009787f.dll,I2 000d043c0009787f"
"webHancer Agent"="C:\\Program Files\\webHancer\\Programs\\whagent.exe"
"webHancer Survey Companion"="C:\\Program Files\\webHancer\\Programs\\whsurvey.exe"
"RelevantKnowledge"="c:\\windows\\system32\\rlvknlg.exe -boot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"tbon"="C:\\Program Files\\TBONBin\\tbon.exe /r"
"Yahoo! Pager"="\"C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe\" -quiet"
"Registry Cleaner"="\"C:\\Program Files\\Registry Cleaner Trial\\regclean.exe\" -startminimize"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"PECarlin"="\"C:\\Program Files\\PECarlin\\PECarlin.exe\""
"AXVenore"="\"C:\\Program Files\\AXVenore\\AXVenore.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\Tasks\Symantec NetDetect.job
C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Yosef.job
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1122822388.job
C:\WINDOWS\Tasks\XoftSpy.job
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1106268188.job

Completion time: Thu 06/15/2006 19:19:11.53
ComboFix ver 06.06.14 - This logfile is located at C:\ComboFix.txt
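What makes the Find3M report above damning is not any single file but the burst: on 2006-06-15 between 18:08 and 18:20 dozens of executables landed in C:\ and C:\WINDOWS within minutes of each other, which is what a downloader pulling in bundled payloads looks like on disk. The script below is an added example, not part of this thread or of ComboFix. It parses lines in the Find3M format, groups entries into time clusters, and flags executables dropped straight into the drive root or the Windows folder, or too small to be real programs (the 2-byte wnsapisv.exe). The sample lines are a subset of the report above; the five-minute gap and five-executable thresholds are assumptions chosen for illustration.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Sample: a subset of the Find3M report above (real lines from the log).
# The gap and count thresholds further down are assumptions.
FIND3M_SAMPLE = r"""
2006-06-15 18:19:34 69632 ( A.... ) "C:\WINDOWS\system32\fcbhodnn.dll"
2006-06-15 18:19:34 ( .D... ) "C:\Program Files\FCAdvice"
2006-06-15 18:17:44 1150976 ( A.... ) "C:\WINDOWS\system32\rlvknlg.exe"
2006-06-15 18:16:16 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-15 18:14:50 174669 ( A.... ) "C:\WINDOWS\srvayxtatf.exe"
2006-06-15 18:11:44 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-15 18:11:44 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-06-15 18:11:10 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-06-15 18:08:40 36865 ( A.... ) "C:\WINDOWS\wallp2.exe"
2006-06-15 18:08:18 45059 ( A.... ) "C:\ZIGID003.exe"
2006-06-14 19:24:50 2 ( A.... ) "C:\WINDOWS\system32\wnsapisv.exe"
2006-05-04 00:26:22 5818784 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-04-18 18:30:14 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
"""

# One Find3M line: timestamp, optional size (directories have none),
# attribute flags in parentheses, quoted path.
LINE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})'
    r'(?:\s+(\d+))?'
    r'\s+\(\s*([A-Z.]+)\s*\)'
    r'\s+"(.+)"$'
)

Entry = namedtuple("Entry", "ts size attrs path")
Burst = namedtuple("Burst", "start end paths")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".bat", ".com")
WINDOWS_ROOTS = ("C:", "C:\\WINDOWS")


def parse_find3m(text):
    """Parse Find3M report lines into Entry records; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = int(m.group(2)) if m.group(2) is not None else None
        entries.append(Entry(ts, size, m.group(3), m.group(4)))
    return entries


def is_executable(entry):
    return entry.size is not None and entry.path.lower().endswith(EXEC_EXT)


def _close(cluster, bursts, min_exec):
    """Record a cluster as a burst if it dropped at least min_exec executables."""
    execs = [e.path for e in cluster if is_executable(e)]
    if cluster and len(execs) >= min_exec:
        bursts.append(Burst(cluster[0].ts, cluster[-1].ts, execs))


def find_bursts(entries, max_gap=timedelta(minutes=5), min_exec=5):
    """Walk entries in time order; a new cluster starts whenever the gap to the
    previous entry exceeds max_gap.  Returns the clusters worth looking at."""
    bursts, cluster = [], []
    for e in sorted(entries, key=lambda x: x.ts):
        if cluster and e.ts - cluster[-1].ts > max_gap:
            _close(cluster, bursts, min_exec)
            cluster = []
        cluster.append(e)
    _close(cluster, bursts, min_exec)
    return bursts


def flag_suspicious(entries, tiny=64):
    """Executables sitting directly in the C: root or the Windows folder (legitimate
    installers put binaries in subfolders), and executables smaller than `tiny` bytes."""
    root_dropped, tiny_files = [], []
    for e in entries:
        if not is_executable(e):
            continue
        folder = e.path.rsplit("\\", 1)[0].upper()
        if folder in WINDOWS_ROOTS:
            root_dropped.append(e.path)
        if e.size < tiny:
            tiny_files.append(e.path)
    return {"root_dropped": root_dropped, "tiny": tiny_files}


if __name__ == "__main__":
    entries = parse_find3m(FIND3M_SAMPLE)
    for b in find_bursts(entries):
        print(f"burst {b.start} .. {b.end}: {len(b.paths)} executables")
        for p in b.paths:
            print("   ", p)
    for kind, paths in flag_suspicious(entries).items():
        print(kind, paths)
```

On the sample the only burst is 18:08:18 to 18:19:34 with nine executables, while the DivX, MRT.exe and wnsapisv.exe entries stay isolated; the point of clustering is to separate one infection event from months of ordinary install activity before reading individual file names.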

#6 brad1 (Topic Starter, Members, 17 posts)

Posted 15 June 2006 - 06:28 PM

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 7:27:49 PM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\FCAdvice\FCAdvice.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\ms05294221785.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ssec.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\tfthot.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\TBONBin\tbon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\PECarlin\PECarlin.exe
C:\Program Files\AXVenore\AXVenore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\new account.COMPUTER-613\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [{C2-2C-C0-0E-ZN}] C:\windows\system32\pkdsregr.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms05294221785] C:\WINDOWS\ms05294221785.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [wvwqdvuA] C:\WINDOWS\wvwqdvuA.exe
O4 - HKLM\..\Run: [w009787f.dll] RUNDLL32.EXE w009787f.dll,I2 000d043c0009787f
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wvwqdvu.exe (file missing)
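Reading a HijackThis log like the one above is mostly pattern work: R entries whose hosts nobody chose, O4 autoruns with random names or with binaries sitting in C:\WINDOWS, a RUNDLL32 entry loading a DLL by bare name, O2/O3/O23 entries whose file no longer exists, O10 Winsock LSPs, O15 Trusted Zone additions, an O16 ActiveX download with no source, and an O18 text/html filter that sees every page the browser renders. The script below is an added example, not part of this thread or of HijackThis: it encodes those rules and runs them over a subset of the log above. The allowlist of expected home-page hosts is an assumption a helper would fill in from what the user says their start page should be.

```python
import re
from urllib.parse import urlparse

# Sample: a subset of the HijackThis log above (real lines from the log).
HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ms05294221785] C:\WINDOWS\ms05294221785.exe
O4 - HKLM\..\Run: [w009787f.dll] RUNDLL32.EXE w009787f.dll,I2 000d043c0009787f
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wvwqdvu.exe (file missing)
"""

# Assumption: hosts the user's browser is legitimately configured for.
EXPECTED_HOSTS = {"verizon.yahoo.com"}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(.+?)\] (.*)$")
# Quoted path, or an unquoted path up to the first executable extension
# (unquoted paths may contain spaces, e.g. C:\Program Files\...).
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com|bat))(?:\s|$)', re.I)
WINDOWS_ROOTS = ("C:", "C:\\WINDOWS")


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def random_looking(name):
    """Heuristic for names like ms05294221785, Hhl7RfpJ or x3cqp0:
    a stem of 6+ characters that is at least half digits or has no vowels."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < 6:
        return False
    digits = sum(c.isdigit() for c in stem)
    return digits * 2 >= len(stem) or not any(v in stem for v in "aeiou")


def exe_target(command):
    """The program an O4 command line starts."""
    m = TARGET_RE.match(command.strip())
    if m:
        return m.group(1) or m.group(2)
    return command.strip().split(" ", 1)[0]


def check_o4(body):
    """Return a reason string for a suspicious O4 Run entry, else None."""
    m = RUN_RE.match(body)
    if not m:
        return None
    value_name, command = m.groups()
    folder, _, base = exe_target(command).rpartition("\\")
    tokens = command.split()
    if base.upper().startswith("RUNDLL32") and len(tokens) > 1 and "\\" not in tokens[1]:
        return "rundll32 loads a DLL by bare name, resolved through the loader search order"
    if folder.upper() in WINDOWS_ROOTS:
        return "autorun binary sits directly in the C: root or the Windows folder"
    if random_looking(value_name) or random_looking(base):
        return "random-looking autorun name"
    return None


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Run the per-section rules over a HijackThis log; returns (section, reason, line)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reason = None
        if section in ("R0", "R1") and "= http" in body:
            if host_of(body.split("= ", 1)[1]) not in expected_hosts:
                reason = "browser start/search page points to an unexpected host"
        elif section in ("O2", "O3", "O23") and ("(no file)" in body or "(file missing)" in body):
            reason = "orphaned entry, target file no longer exists"
        elif section == "O2" and random_looking(body.rsplit("\\", 1)[-1]):
            reason = "BHO loaded from a random-looking DLL name"
        elif section == "O4":
            reason = check_o4(body)
        elif section == "O10":
            reason = "Winsock LSP inserted by a third party; all TCP traffic passes through it"
        elif section == "O15":
            reason = "site added to the Trusted Zone, which lowers IE security for it"
        elif section == "O16":
            url = body.split(" - ")[-1].strip()
            if not url.startswith("http") or host_of(url) not in expected_hosts:
                reason = "downloaded ActiveX control from an unknown or unexpected source"
        elif section == "O18":
            reason = "MIME filter on text/html sees and can rewrite every page loaded"
        if reason:
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(HJT_SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample, twelve of the seventeen lines are flagged and the five legitimate ones (the Verizon start page, the Yahoo! toolbar, ctfmon.exe, WeatherBug and the Symantec service) pass, which matches the entries the helper selects for Fix Checked in the next post. The name heuristic is deliberately crude; it is there to draw the eye, and the decision still rests on where the file lives and who signed it.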

#7 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 16 June 2006 - 02:02 AM

Hi,

I asked you before to uninstall some programs. I see you still didn't uninstall them.
As long as Kazaa stays present, it doesn't make any sense to clean this, though.
Please follow my advice, because there is a reason for it.
I don't think you are aware HOW much malware is present on your system.

*Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following lines into the Suspicious File Packer window:

C:\WINDOWS\stdaqepb.exe
C:\WINDOWS\chstixem.exe
C:\Program Files\d.bat
C:\WINDOWS\b.exe
C:\WINDOWS\gcllaans.exe
C:\Mendoza1.exe
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\srvayxtatf.exe
C:\WINDOWS\system32\fcbhodnn.dll


Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the file to:

miekiemoesATmalware-research.co.uk

remember to replace the AT in the above line with an @
(the reason to not post a complete valid e-mail address in a post is so spammers can't harvest the addresses)

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs:

Kazaa
Internet Optimizer
Quicklinks
ForeThought
Webhancer
RelevantKnowledge
Tbonin / Best Offers
Registry Cleaner Trial


Reboot every time after uninstalling!

It's better to print out the next instructions or save them in Notepad, because you also have to work in Safe Mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and perform everything in the right order!

Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [{C2-2C-C0-0E-ZN}] C:\windows\system32\pkdsregr.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ms05294221785] C:\WINDOWS\ms05294221785.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [wvwqdvuA] C:\WINDOWS\wvwqdvuA.exe
O4 - HKLM\..\Run: [w009787f.dll] RUNDLL32.EXE w009787f.dll,I2 000d043c0009787f
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installd...leanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wvwqdvu.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode as the computer is booting, press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

Files:

C:\stub_sca3.exe
C:\webnexmk.exe
C:\526_620.exe
C:\SS1001.exe
C:\wd7gi8n.exe
C:\visfx500.exe
C:\ZIGID003.exe
C:\503_617.exe
C:\NNSCAA638.EXE
C:\stub_venthh.exe
C:\Trelew.exe
C:\Mendoza1.exe
C:\Program Files\d.bat
C:\Program Files\Common Files\qugyd.html
C:\WINDOWS\gcllaans.exe
C:\WINDOWS\b.exe
C:\WINDOWS\wallp2.exe
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\Uninstall.exe
C:\WINDOWS\ms05294221785.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\pf79.exe
C:\WINDOWS\SS1001.exe
C:\WINDOWS\stub_113_4_0_4_0.exe
C:\WINDOWS\srvayxtatf.exe
C:\WINDOWS\lnulmxum.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\installerwnus.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\cfg32p.dll
C:\WINDOWS\win3208221785294.exe
C:\WINDOWS\visfx500.exe
C:\WINDOWS\win3207422178529.exe
C:\WINDOWS\ms038529422172006.exe
C:\WINDOWS\win32082217852942006.exe
C:\WINDOWS\gege15x.exe
C:\WINDOWS\wvwqdvuA.exe
C:\WINDOWS\system32ftuninst.exe
C:\WINDOWS\system32ssec.exe
C:\WINDOWS\system32tfthot.exe
C:\WINDOWS\system32\SDRunner.dll
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\VSL03.exe
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\system32\aljgflmi.dll
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\nfaolfkm.dll
C:\WINDOWS\system32\fcbhodnn.dll
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\ftuninst.exe
C:\WINDOWS\system32\gbe90qs.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\tfthot.exe
C:\WINDOWS\system32\x3cqp0.dll
C:\windows\system32\pkdsregr.exe

Folders:

C:\Program Files\Common Files\riqr
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Program Files\EA Games
C:\Program Files\Internet Optimizer
C:\Program Files\PECarlin
C:\Program Files\whInstall
C:\Program Files\AXVenore
C:\Program Files\SDVita
C:\Program Files\FCAdvice
C:\Program Files\TBONBin
C:\Program Files\Kazaa
C:\Program Files\Registry Cleaner Trial
C:\Program Files\ToolBar888
C:\Program Files\thriXXX
C:\Program Files\Snowball Wars
C:\Program Files\Windows <== don't delete any similar-looking folder; the one you have to delete contains the files WinUpdate.exe and WinUpdate.fld (it is possible that WinUpdate.exe has already been deleted)

* Still in safe mode... * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to Start > Run, type cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[-HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok]

[-HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok.1]

[-HKEY_CLASSES_ROOT\Fseytdc.Yvakt]

[-HKEY_CLASSES_ROOT\Fseytdc.Yvakt.1]

[-HKEY_CLASSES_ROOT\CLSID\{5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915}]

[-HKEY_CLASSES_ROOT\CLSID\{624A3CDB-8C0A-4902-8480-191582C8498E}]

[-HKEY_CLASSES_ROOT\Interface\{47F2B86D-82A1-44F5-A78B-136AC5496094}]

[-HKEY_CLASSES_ROOT\TypeLib\{90AFF1EF-C901-4991-8D61-5BEEA455E090}]


Save this as fix.reg. Choose to save as *all files* and place it on your desktop.
It should look like this: [image]
Double-click on it and, when it asks you if you want to merge the contents into the registry, click Yes/OK.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply,
together with the contents of the ewido log present on your desktop and a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
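A check that follows naturally from the procedure in the post above, written here as an added example (it is not code from this thread, from HijackThis or from ewido): parse a HijackThis log and report which running processes or autostart entries still point at files or folders on the removal list, plus entries whose target no longer exists. The removal-list subset and the log excerpt are taken from this thread; the path regex, `parse_hjt` and `triage` are the example's own.

```python
"""Cross-check a HijackThis log against a malware-removal list.

Added example, not code from this thread, from HijackThis or from ewido.
After a cleanup like the one in the post above, the obvious follow-up check
is whether anything on the removal list is still running or still registered
as an autostart, and which autostart entries now point at nothing. This
parses the HijackThis log format (Running processes, R3/O3/O4/O23 items)
and reports both.
"""
import re

# Windows path ending in an executable-style extension (case-insensitive).
# Stops at the extension so trailing arguments such as " /r" are not included.
_PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*?\.(?:exe|dll|sys|lnk)\b',
    re.IGNORECASE,
)

# HijackThis item lines start with a section tag such as "O4 - " or "R3 - ".
_ITEM_RE = re.compile(r"([RFNO]\d+) - ")

# Subset of the removal list from the post above (paths as given there).
REMOVE_FILES = [
    r"C:\WINDOWS\system32\ssec.exe",
    r"C:\WINDOWS\system32\tfthot.exe",
    r"C:\WINDOWS\cfg32r.dll",
]
REMOVE_FOLDERS = [
    r"C:\Program Files\TBONBin",
    r"C:\Program Files\Kazaa",
]

# Excerpt of the second HijackThis log posted later in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\TBONBin\tbon.exe
C:\WINDOWS\explorer.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""


def parse_hjt(log):
    """Yield (section, line) pairs from a HijackThis log.

    Lines under 'Running processes:' get section 'process'; HijackThis item
    lines (R3, O4, O23, ...) get their prefix. Headers and blanks are skipped.
    """
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        item = _ITEM_RE.match(line)
        if item:
            in_processes = False
            yield item.group(1), line
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            yield "process", line


def _norm(path):
    """Case-fold a Windows path so the comparison is case-insensitive."""
    return path.lower().rstrip("\\")


def triage(log, remove_files, remove_folders):
    """Return {'survivors': [...], 'orphans': [...]} for a HijackThis log.

    survivors: (section, path) where the path is a file on the removal list
               or lives under a folder on it, i.e. the cleanup was incomplete.
    orphans:   (section, line) for entries marked '(file missing)' or
               '(no file)'; these point at nothing and are worth reviewing,
               though they are not necessarily malicious.
    """
    files = {_norm(f) for f in remove_files}
    folders = [_norm(d) + "\\" for d in remove_folders]
    survivors, orphans = [], []
    for section, line in parse_hjt(log):
        if "(file missing)" in line or "(no file)" in line:
            orphans.append((section, line))
        for path in _PATH_RE.findall(line):
            n = _norm(path)
            if n in files or any(n.startswith(d) for d in folders):
                survivors.append((section, path))
    return {"survivors": survivors, "orphans": orphans}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, REMOVE_FILES, REMOVE_FOLDERS)
    for section, path in report["survivors"]:
        print(f"STILL PRESENT [{section}] {path}")
    for section, line in report["orphans"]:
        print(f"ORPHANED      [{section}] {line}")
```

On the excerpt, Kazaa and tbon.exe are reported as still running and tbon.exe as still an O4 autostart, which matches what the second log in this thread shows after the first cleanup round.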

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 16 June 2006 - 05:31 PM

Hello,

Delete the next files as well:

C:\WINDOWS\stdaqepb.exe
C:\WINDOWS\chstixem.exe
C:\WINDOWS\system32\wnsapisv.exe

The rest you've sent me I already asked you to delete previously.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 16 June 2006 - 05:44 PM

And delete the next folders:

C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys <== if present

#10 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts

Posted 16 June 2006 - 09:24 PM

Is it alright if I don't post anything for a couple of days (maybe 1 or 2)? I have finals and I can't do both of these. Is that alright?

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 June 2006 - 12:03 AM

Yes, that's ok. Don't use your infected computer in between, because things will get worse every time as long as malware is present. :thumbsup:

#12 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts

Posted 18 June 2006 - 08:26 PM

Panda Scan

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\FOUND.093\FILE0000.CHK
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\THICC1.tmp\twaintec.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\alchem.ini
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\~DFCF65.tmp
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\twaintec.inf
Adware:Adware/DelFinMedia Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\vmstmp\vmstmp.exe
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\nsdtmp09.dll
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\auf0.exe
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\THI5739.tmp\localNrd.inf
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\ICD6.tmp\installer_ICMEDIAX.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\ICD8.tmp\installer_ICMEDIAX.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\~apropos0\CxtPls.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\ICD9.tmp\installer_ICMEDIAX.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\U6B.tmp
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\ICD11.tmp\installer_ICMEDIAX.exe
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\ICD10.tmp\installer_ICMEDIAX.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temp\THIC2E.tmp\zserv.inf
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\ULC3MZSD\casino[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\ULC3MZSD\casino-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\8I7LF0ZE\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\8I7LF0ZE\drugs[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\WUELFZ9O\fav-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\WUELFZ9O\dating-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\WUELFZ9O\drugs-ico[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\0Y8I18UG\fav[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Yoseph\Local Settings\Temporary Internet Files\Content.IE5\0Y8I18UG\virus[1].bmp
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@kount[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@rn11[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@smni[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@fe.lea.lycos[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@xiti[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@ads.gorillanation[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@www.nick[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@fe.lea.lycos[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@go[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@pop.mircx[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@atwola[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@rn11[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@pop.mircx[3].txt
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@webmail.netzero[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@atwola[3].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@www.xzoomy[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@rightmedia[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@banner[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@newnet.qsrch[1].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@www.mp3bleeps[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@www.xzoomy[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@atwola[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@web.tickle[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@pop.mircx[2].txt
Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@www.buzztone[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@888[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@webpower[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@adultfriendfinder[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@offeroptimizer[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Yoseph\Cookies\yoseph@rightmedia[3].txt
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~apropos0\ProxyStub.dll
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Guest\Local Settings\Temp\~apropos0\WinGenerics.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Guest\Local Settings\Temp\THI3273.tmp\zserv.inf
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@dist.belnk[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@winfixer[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@banner[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@btg.btgrab[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@azjmp[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@xiti[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@888[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@offeroptimizer[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Cookies\new account@cassava[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\new account\Local Settings\Temp\Perflib_Perfdata_1584.dat
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\new account\Cookies\new account@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\new account\Cookies\new account@go[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\new account\Cookies\new account@image.checkmystats.com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\new account\Cookies\new account@atwola[1].txt
Spyware:Cookie/Bettersearch Not disinfected C:\Documents and Settings\new account\Cookies\new account@index[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\new account\Cookies\new account@www.advnt01[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\new account\Cookies\new account@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\new account\Cookies\new account@banner[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\new account\Cookies\new account@webpower[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\new account\Cookies\new account@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@ath.belnk[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account\Cookies\new account@888[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\new account\Cookies\new account@winfixer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\new account\Cookies\new account@cliks[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account\Cookies\new account@888[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@ath.belnk[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\new account\Cookies\new account@adultfriendfinder[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\new account\Cookies\new account@winfixer[3].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\new account\Cookies\new account@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@belnk[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account\Cookies\new account@888[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\new account\Cookies\new account@bestoffersnetworks[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\new account\Cookies\new account@cassava[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\new account\Cookies\new account@offeroptimizer[4].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\new account\Cookies\new account@desktop.kazaa[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\new account\Cookies\new account@azjmp[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\new account\Cookies\new account@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\new account\Cookies\new account@searchportal.information[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\new account\Cookies\new account@atwola[3].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\new account\Cookies\new account@toplist[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account\Cookies\new account@dist.belnk[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\new account\Cookies\new account@i.screensavers[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\new account\Cookies\new account@btg.btgrab[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\new account\Cookies\new account@btg.btgrab[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@belnk[1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@mysearch[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@azjmp[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@btg.btgrab[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@offeroptimizer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@winfixer[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@go[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@dist.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@ath.belnk[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@i.screensavers[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@btg.btgrab[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@searchportal.information[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@offeroptimizer[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Yosef\Cookies\yosef@desktop.kazaa[1].txt
Adware:Adware/NewAds Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Local Settings\Temp\Temporary Internet Files\Content.IE5\21IFS1IT\Tspd[1].exe
Adware:Adware/NewAds Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Local Settings\Temp\Temporary Internet Files\Content.IE5\EZAZ6VEX\Tspd[2].exe
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@revenue[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@banners.searchingbooth[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@belnk[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@perf.overture[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@doubleclick[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@z1.adserver[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@questionmarket[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@c.enhance[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@stats1.reliablestats[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@888[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@hitbox[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@btg.btgrab[4].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@zedo[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@www.burstbeacon[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@offeroptimizer[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@ehg-ads.hitbox[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@2o7[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@statse.webtrendslive[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@findwhat[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@as-eu.falkag[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@realmedia[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@888[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@i.screensavers[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@cliks[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@dist.belnk[2].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@bestoffersnetworks[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@casalemedia[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@hc2.humanclick[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@trafficmp[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@fastclick[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@ads.pointroll[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@serving-sys[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@as-us.falkag[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@cassava[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@advertising[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\new account.COMPUTER-613\Cookies\new account@ad.yieldmanager[1].txt
Spy

Edited by brad1, 18 June 2006 - 08:27 PM.


#13 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts

Posted 18 June 2006 - 08:42 PM

Forget about what I typed; I'm emailing you the Ewido log. It's waaaay tooo long for me to post it, and it's getting my mind all jumbled up.

Edited by brad1, 18 June 2006 - 09:01 PM.


#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 18 June 2006 - 08:44 PM

Edit - I see you already posted the rest... will reply afterwards

Edited by miekiemoes, 18 June 2006 - 08:46 PM.


#15 brad1

brad1
  • Topic Starter

  • Members
  • 17 posts

Posted 18 June 2006 - 08:44 PM

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:08:55 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\TBONBin\tbon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\new account.COMPUTER-613\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by brad1, 18 June 2006 - 09:13 PM.